c7a2cf760403a7ba3cae3128eb19344a9a509f20f60fbcd486164364650c1630

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 12:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

spring-context-support-5.3.30.jar
Size

182KB
MD5

1b31a4d3009217b07afda6b0c363c6f7
SHA1

1718aa21c02563a72d1d944c226c2cb76e510c15
SHA256

c7a2cf760403a7ba3cae3128eb19344a9a509f20f60fbcd486164364650c1630
SHA512

87f0d51e6146baf0b80bbfb117eb119d25e5bece9c807b9a0eeb3876810586e583d1db898ec63bc0a636faf679bd509fa8cc6ecd936353d9476b91fbf6936550
SSDEEP

3072:/H36UzK//YjEsMOxBMlGqbAFg+q/Avd1ejaYm/WA5mn742vd14o:vTzy/ImGPJmjHm/5EDd1d

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
928	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 928	4392	java.exe	85
PID 4392 wrote to memory of 928	4392	java.exe	85

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\spring-context-support-5.3.30.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
950fe0c2535b9bacc70a6707365493cb

SHA1
1d5338e9e1887e81511c85a7384db308b6b214ed

SHA256
59310b4cf73b021a880b89bac2aa394081bb20ead2d93ad101db889ffc8c3fc0

SHA512
ba1bcf26411b2c35b86052da9fa49b2cd507812a992074c973ac184611372fc61b5d59d9b59314af68ba43c1eeb9dc4f5d63f107b9e37d32201051ce2e477031

Download Submit
memory/4392-2-0x00000288B8200000-0x00000288B8470000-memory.dmp

Filesize
2.4MB

Download
memory/4392-12-0x00000288B6860000-0x00000288B6861000-memory.dmp

Filesize
4KB

Download
memory/4392-13-0x00000288B8200000-0x00000288B8470000-memory.dmp

Filesize
2.4MB

Download