bcc96737a0f912fcf031cf8c45ebda352a90a40437db0832caad3d5a63618b38

Analysis

max time kernel
91s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

netty-codec-4.1.97.Final.jar
Size

337KB
MD5

aa46c70ffdf48e421e8139a2a5ef452a
SHA1

384ba4d75670befbedb45c4d3b497a93639c206d
SHA256

bcc96737a0f912fcf031cf8c45ebda352a90a40437db0832caad3d5a63618b38
SHA512

fe500b4620bbac0d172c84aa4c89c59b7a3b61a9b992c3f6dba5708a58ad7ea04c1b0a273a31a8800a61b9a9855e06251054d8bf137597afd759fe8d552c6a25
SSDEEP

6144:Qk92HrDhk3/3N3FgI4E08VVaCQUwkeszHYL5ULtt/hsM3m:Qk2ryvzg5D8WX1yUlU5t/akm

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3196	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3764 wrote to memory of 3196	3764	java.exe	83
PID 3764 wrote to memory of 3196	3764	java.exe	83

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\netty-codec-4.1.97.Final.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3764
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
c9aded24f789653f13a02b4601fb807a

SHA1
87adc1c7a169ddeee9e67d13da2968b10b65b233

SHA256
ffd2f3fa368e3cbcb3054c4fae0821de4d926e86aa24d9b11b7d9fa3ec2a70b6

SHA512
1551f91a637a7e3ed538ab927541284e55a538d565259205183cb2e6aee15291c304f3c8ce4dd44c53ea2fd7239b8e750ed8b991f7b62ee0a874a0c466909592

Download Submit
memory/3764-2-0x00000253B57A0000-0x00000253B5A10000-memory.dmp

Filesize
2.4MB

Download
memory/3764-12-0x00000253B3F10000-0x00000253B3F11000-memory.dmp

Filesize
4KB

Download
memory/3764-13-0x00000253B57A0000-0x00000253B5A10000-memory.dmp

Filesize
2.4MB

Download