21f24341643611dd7adcd9c7e0cd41397df043bc15c836251ec87e1264840b25

Analysis

max time kernel
133s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21f24341643611dd7adcd9c7e0cd41397df043bc15c836251ec87e1264840b25.exe
Size

4.7MB
MD5

c253174eb347c8c087f805ec1238a113
SHA1

8924e9eddde8fddbaac3345123a401e2a0db8277
SHA256

21f24341643611dd7adcd9c7e0cd41397df043bc15c836251ec87e1264840b25
SHA512

be5557221f0e4cdb3183cedfa31aaf6b84f7c0806dbba5eae470a9b9b14c25c8dd2e06225ef1bf4e90deee33ced9fa129cc4207005d2053dda221ca6aa888737
SSDEEP

98304:l1Q02esi1tFhYzWGIMD8npdc83WN86/IAoODltr8nye:fQHuphmWGIs0irRoOhV8V

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3860	icacls.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	1732	javaw.exe
Token: SeRestorePrivilege	1732	javaw.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1732	javaw.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 1732	4772	21f24341643611dd7adcd9c7e0cd41397df043bc15c836251ec87e1264840b25.exe	82
PID 4772 wrote to memory of 1732	4772	21f24341643611dd7adcd9c7e0cd41397df043bc15c836251ec87e1264840b25.exe	82
PID 1732 wrote to memory of 3860	1732	javaw.exe	83
PID 1732 wrote to memory of 3860	1732	javaw.exe	83
PID 1732 wrote to memory of 628	1732	javaw.exe	85
PID 1732 wrote to memory of 628	1732	javaw.exe	85

C:\Users\Admin\AppData\Local\Temp\21f24341643611dd7adcd9c7e0cd41397df043bc15c836251ec87e1264840b25.exe
"C:\Users\Admin\AppData\Local\Temp\21f24341643611dd7adcd9c7e0cd41397df043bc15c836251ec87e1264840b25.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Program Files\Java\jdk-1.8\bin\javaw.exe
  "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=15 -jar "21f24341643611dd7adcd9c7e0cd41397df043bc15c836251ec87e1264840b25.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1732
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:3860
- - C:\Windows\SYSTEM32\cmd.exe
    cmd ver
    3⤵
    PID:628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

Filesize
50B

MD5
fee7eb2a768fb2cdba2ed05f3aada291

SHA1
507d924495b5117150c8bf7381fda04beba5445c

SHA256
3a1b155ddf3fd86586fdceba0ffc58650d3d98830e38e71599e57ec9572f231f

SHA512
bf96a7e067aefbcaf3625cc4389eb3f39d2ab17000adf27651ce98882b793c33e19be4f7fcb38bce919d2a14352f8b7722849beb998f09ee1be0a98c5142fa45

Download Submit
C:\Users\Admin\AppData\Local\Temp\hmcl.json

Filesize
817B

MD5
d4084216850a615b37ebd35eb2b8d155

SHA1
fdb87602b59bfa2ccd5617d0ae8d4a57ffe560eb

SHA256
82fdcc3b988db5a376701810b0ba203185d4624b1b647fbae44479ca1b57f6df

SHA512
6bf57587dc647a0ac2703020517aa7c86152384600bb1bef0d2ce138b88987dcf3e026768bc310883d05b9a375678630ab48f2379ea645eaf2ac72d17cf93853

Download Submit
C:\Users\Admin\AppData\Local\Temp\hmcl.json

Filesize
824B

MD5
c458dfec4fef766b6879ff1ad3e0c340

SHA1
3aec48fc6b28ce16460a443acc855b643fc76d35

SHA256
b37784c2082b7adb63a2beab81f842fd5c016706663234b179d1f5c9a4623032

SHA512
54334b08df55df78cd84cf43f0c14b999822c9489cf8a591327cb48cf0a911194ce80567bd663e117c9a667aac606a12771182105c4560573ec1d45054eaa6da

Download Submit
C:\Users\Admin\AppData\Roaming\.hmcl\authlib-injector.jar

Filesize
333KB

MD5
c60d3899b711537e10be33c680ebd8ae

SHA1
1eca6aa7faf7ac6e3211862afa6e43fe2eedd07b

SHA256
3bc9ebdc583b36abd2a65b626c4b9f35f21177fbf42a851606eaaea3fd42ee0f

SHA512
5b0634bdd4193e9d5423b4e0490b980132081df0a845d3832031c8be637d93616aee82bbaeb427fb6f617aeeb381e7246ee5e83a79bde071ef0b02a81cb91289

Download Submit
memory/1732-2-0x0000015F4DF70000-0x0000015F4E1E0000-memory.dmp

Filesize
2.4MB

Download
memory/1732-13-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-27-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-25-0x0000015F4E210000-0x0000015F4E220000-memory.dmp

Filesize
64KB

Download
memory/1732-22-0x0000015F4E1E0000-0x0000015F4E1F0000-memory.dmp

Filesize
64KB

Download
memory/1732-26-0x0000015F4E220000-0x0000015F4E230000-memory.dmp

Filesize
64KB

Download
memory/1732-30-0x0000015F4E240000-0x0000015F4E250000-memory.dmp

Filesize
64KB

Download
memory/1732-29-0x0000015F4E230000-0x0000015F4E240000-memory.dmp

Filesize
64KB

Download
memory/1732-24-0x0000015F4E200000-0x0000015F4E210000-memory.dmp

Filesize
64KB

Download
memory/1732-23-0x0000015F4E1F0000-0x0000015F4E200000-memory.dmp

Filesize
64KB

Download
memory/1732-38-0x0000015F4E280000-0x0000015F4E290000-memory.dmp

Filesize
64KB

Download
memory/1732-37-0x0000015F4E270000-0x0000015F4E280000-memory.dmp

Filesize
64KB

Download
memory/1732-36-0x0000015F4E260000-0x0000015F4E270000-memory.dmp

Filesize
64KB

Download
memory/1732-41-0x0000015F4E290000-0x0000015F4E2A0000-memory.dmp

Filesize
64KB

Download
memory/1732-35-0x0000015F4E250000-0x0000015F4E260000-memory.dmp

Filesize
64KB

Download
memory/1732-45-0x0000015F4E2A0000-0x0000015F4E2B0000-memory.dmp

Filesize
64KB

Download
memory/1732-47-0x0000015F4E2B0000-0x0000015F4E2C0000-memory.dmp

Filesize
64KB

Download
memory/1732-49-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-51-0x0000015F4E2C0000-0x0000015F4E2D0000-memory.dmp

Filesize
64KB

Download
memory/1732-57-0x0000015F4E2F0000-0x0000015F4E300000-memory.dmp

Filesize
64KB

Download
memory/1732-56-0x0000015F4E2E0000-0x0000015F4E2F0000-memory.dmp

Filesize
64KB

Download
memory/1732-55-0x0000015F4E2D0000-0x0000015F4E2E0000-memory.dmp

Filesize
64KB

Download
memory/1732-59-0x0000015F4E300000-0x0000015F4E310000-memory.dmp

Filesize
64KB

Download
memory/1732-66-0x0000015F4DF70000-0x0000015F4E1E0000-memory.dmp

Filesize
2.4MB

Download
memory/1732-81-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-79-0x0000015F4E220000-0x0000015F4E230000-memory.dmp

Filesize
64KB

Download
memory/1732-78-0x0000015F4E210000-0x0000015F4E220000-memory.dmp

Filesize
64KB

Download
memory/1732-77-0x0000015F4E200000-0x0000015F4E210000-memory.dmp

Filesize
64KB

Download
memory/1732-76-0x0000015F4E1F0000-0x0000015F4E200000-memory.dmp

Filesize
64KB

Download
memory/1732-75-0x0000015F4E1E0000-0x0000015F4E1F0000-memory.dmp

Filesize
64KB

Download
memory/1732-74-0x0000015F4E340000-0x0000015F4E350000-memory.dmp

Filesize
64KB

Download
memory/1732-73-0x0000015F4E370000-0x0000015F4E380000-memory.dmp

Filesize
64KB

Download
memory/1732-72-0x0000015F4E360000-0x0000015F4E370000-memory.dmp

Filesize
64KB

Download
memory/1732-71-0x0000015F4E350000-0x0000015F4E360000-memory.dmp

Filesize
64KB

Download
memory/1732-70-0x0000015F4E330000-0x0000015F4E340000-memory.dmp

Filesize
64KB

Download
memory/1732-69-0x0000015F4E310000-0x0000015F4E320000-memory.dmp

Filesize
64KB

Download
memory/1732-68-0x0000015F4E320000-0x0000015F4E330000-memory.dmp

Filesize
64KB

Download
memory/1732-84-0x0000015F4E230000-0x0000015F4E240000-memory.dmp

Filesize
64KB

Download
memory/1732-86-0x0000015F4E380000-0x0000015F4E390000-memory.dmp

Filesize
64KB

Download
memory/1732-85-0x0000015F4E240000-0x0000015F4E250000-memory.dmp

Filesize
64KB

Download
memory/1732-96-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-95-0x0000015F4E3A0000-0x0000015F4E3B0000-memory.dmp

Filesize
64KB

Download
memory/1732-94-0x0000015F4E390000-0x0000015F4E3A0000-memory.dmp

Filesize
64KB

Download
memory/1732-93-0x0000015F4E280000-0x0000015F4E290000-memory.dmp

Filesize
64KB

Download
memory/1732-92-0x0000015F4E270000-0x0000015F4E280000-memory.dmp

Filesize
64KB

Download
memory/1732-91-0x0000015F4E260000-0x0000015F4E270000-memory.dmp

Filesize
64KB

Download
memory/1732-90-0x0000015F4E250000-0x0000015F4E260000-memory.dmp

Filesize
64KB

Download
memory/1732-98-0x0000015F4E3B0000-0x0000015F4E3C0000-memory.dmp

Filesize
64KB

Download
memory/1732-97-0x0000015F4E290000-0x0000015F4E2A0000-memory.dmp

Filesize
64KB

Download
memory/1732-102-0x0000015F4E2A0000-0x0000015F4E2B0000-memory.dmp

Filesize
64KB

Download
memory/1732-103-0x0000015F4E3C0000-0x0000015F4E3D0000-memory.dmp

Filesize
64KB

Download
memory/1732-105-0x0000015F4E3D0000-0x0000015F4E3E0000-memory.dmp

Filesize
64KB

Download
memory/1732-104-0x0000015F4E2B0000-0x0000015F4E2C0000-memory.dmp

Filesize
64KB

Download
memory/1732-108-0x0000015F4E3E0000-0x0000015F4E3F0000-memory.dmp

Filesize
64KB

Download
memory/1732-107-0x0000015F4E2C0000-0x0000015F4E2D0000-memory.dmp

Filesize
64KB

Download
memory/1732-112-0x0000015F4E2F0000-0x0000015F4E300000-memory.dmp

Filesize
64KB

Download
memory/1732-113-0x0000015F4E3F0000-0x0000015F4E400000-memory.dmp

Filesize
64KB

Download
memory/1732-111-0x0000015F4E2E0000-0x0000015F4E2F0000-memory.dmp

Filesize
64KB

Download
memory/1732-110-0x0000015F4E2D0000-0x0000015F4E2E0000-memory.dmp

Filesize
64KB

Download
memory/1732-116-0x0000015F4E400000-0x0000015F4E410000-memory.dmp

Filesize
64KB

Download
memory/1732-115-0x0000015F4E300000-0x0000015F4E310000-memory.dmp

Filesize
64KB

Download
memory/1732-129-0x0000015F4E370000-0x0000015F4E380000-memory.dmp

Filesize
64KB

Download
memory/1732-130-0x0000015F4E410000-0x0000015F4E420000-memory.dmp

Filesize
64KB

Download
memory/1732-124-0x0000015F4E320000-0x0000015F4E330000-memory.dmp

Filesize
64KB

Download
memory/1732-128-0x0000015F4E360000-0x0000015F4E370000-memory.dmp

Filesize
64KB

Download
memory/1732-127-0x0000015F4E350000-0x0000015F4E360000-memory.dmp

Filesize
64KB

Download
memory/1732-126-0x0000015F4E330000-0x0000015F4E340000-memory.dmp

Filesize
64KB

Download
memory/1732-125-0x0000015F4E310000-0x0000015F4E320000-memory.dmp

Filesize
64KB

Download
memory/1732-145-0x0000015F4E340000-0x0000015F4E350000-memory.dmp

Filesize
64KB

Download
memory/1732-147-0x0000015F4E430000-0x0000015F4E440000-memory.dmp

Filesize
64KB

Download
memory/1732-146-0x0000015F4E420000-0x0000015F4E430000-memory.dmp

Filesize
64KB

Download
memory/1732-148-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-152-0x0000015F4E380000-0x0000015F4E390000-memory.dmp

Filesize
64KB

Download
memory/1732-160-0x0000015F4E470000-0x0000015F4E480000-memory.dmp

Filesize
64KB

Download
memory/1732-163-0x0000015F4E480000-0x0000015F4E490000-memory.dmp

Filesize
64KB

Download
memory/1732-162-0x0000015F4E3C0000-0x0000015F4E3D0000-memory.dmp

Filesize
64KB

Download
memory/1732-159-0x0000015F4E3B0000-0x0000015F4E3C0000-memory.dmp

Filesize
64KB

Download
memory/1732-158-0x0000015F4E460000-0x0000015F4E470000-memory.dmp

Filesize
64KB

Download
memory/1732-157-0x0000015F4E3A0000-0x0000015F4E3B0000-memory.dmp

Filesize
64KB

Download
memory/1732-156-0x0000015F4E390000-0x0000015F4E3A0000-memory.dmp

Filesize
64KB

Download
memory/1732-154-0x0000015F4E440000-0x0000015F4E450000-memory.dmp

Filesize
64KB

Download
memory/1732-155-0x0000015F4E450000-0x0000015F4E460000-memory.dmp

Filesize
64KB

Download
memory/1732-165-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-167-0x0000015F4E490000-0x0000015F4E4A0000-memory.dmp

Filesize
64KB

Download
memory/1732-166-0x0000015F4E3D0000-0x0000015F4E3E0000-memory.dmp

Filesize
64KB

Download
memory/1732-172-0x0000015F4E4A0000-0x0000015F4E4B0000-memory.dmp

Filesize
64KB

Download
memory/1732-177-0x0000015F4E4B0000-0x0000015F4E4C0000-memory.dmp

Filesize
64KB

Download
memory/1732-178-0x0000015F4E4C0000-0x0000015F4E4D0000-memory.dmp

Filesize
64KB

Download
memory/1732-181-0x0000015F4E400000-0x0000015F4E410000-memory.dmp

Filesize
64KB

Download
memory/1732-182-0x0000015F4E4D0000-0x0000015F4E4E0000-memory.dmp

Filesize
64KB

Download
memory/1732-176-0x0000015F4E3F0000-0x0000015F4E400000-memory.dmp

Filesize
64KB

Download
memory/1732-171-0x0000015F4E3E0000-0x0000015F4E3F0000-memory.dmp

Filesize
64KB

Download
memory/1732-188-0x0000015F4E4F0000-0x0000015F4E500000-memory.dmp

Filesize
64KB

Download
memory/1732-195-0x0000015F4E510000-0x0000015F4E520000-memory.dmp

Filesize
64KB

Download
memory/1732-197-0x0000015F4E520000-0x0000015F4E530000-memory.dmp

Filesize
64KB

Download
memory/1732-194-0x0000015F4E450000-0x0000015F4E460000-memory.dmp

Filesize
64KB

Download
memory/1732-193-0x0000015F4E440000-0x0000015F4E450000-memory.dmp

Filesize
64KB

Download
memory/1732-192-0x0000015F4E430000-0x0000015F4E440000-memory.dmp

Filesize
64KB

Download
memory/1732-190-0x0000015F4E420000-0x0000015F4E430000-memory.dmp

Filesize
64KB

Download
memory/1732-187-0x0000015F4E4E0000-0x0000015F4E4F0000-memory.dmp

Filesize
64KB

Download
memory/1732-186-0x0000015F4E410000-0x0000015F4E420000-memory.dmp

Filesize
64KB

Download
memory/1732-189-0x0000015F4E500000-0x0000015F4E510000-memory.dmp

Filesize
64KB

Download
memory/1732-199-0x0000015F4E460000-0x0000015F4E470000-memory.dmp

Filesize
64KB

Download
memory/1732-201-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-252-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-256-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-262-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-263-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-290-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-295-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-302-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-310-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-328-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-338-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-366-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download
memory/1732-376-0x0000015F4C690000-0x0000015F4C691000-memory.dmp

Filesize
4KB

Download