a3d5b263586c997d4420565fea863dca93697b1587e6e72fce36b96a8e55ae27

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8713a0f9fefb9731a3db12a7bbe1af1d_JaffaCakes118.jar
Size

172KB
MD5

8713a0f9fefb9731a3db12a7bbe1af1d
SHA1

155051100c5e7064120c2464cbfdf295d501c73d
SHA256

a3d5b263586c997d4420565fea863dca93697b1587e6e72fce36b96a8e55ae27
SHA512

1176785464090da21f282173ff324eaad0dbc9137dd079761d19f1f042eb46bb977b877b1871edf66a3eb884b552efa8e36416dd27a8bfdf39db0cc97d8eee55
SSDEEP

3072:SZgrT+w64J8ZmJZuWhI/PZQ2xKwVIvrQnbn5BlIuFAm9I68oym1rV:Sqr6wP+mfuPZr0EnbnflIUx/8rGV

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
448	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 448	5056	java.exe	83
PID 5056 wrote to memory of 448	5056	java.exe	83

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\8713a0f9fefb9731a3db12a7bbe1af1d_JaffaCakes118.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
bf632d9302ea4a71e600ef7a92a2e76a

SHA1
fa09758f8c32ead0e5221bf209e5a0b0be54c46f

SHA256
bc9660d133824a855c26d13e3b75a26b23330adeb2ee7568c1504807b3ff04ec

SHA512
9a2405f32f40ac5c07a407ae1103937d20c85ed0b624cf927fb3443c4d84f4ecd121a964b4f4979c5d3518ccd853f8c62341f2cdfefb36307f8b12e2749d1400

Download Submit
memory/5056-40-0x000001DB00000000-0x000001DB00270000-memory.dmp

Filesize
2.4MB

Download
memory/5056-57-0x000001DB00340000-0x000001DB00350000-memory.dmp

Filesize
64KB

Download
memory/5056-37-0x000001DB00320000-0x000001DB00330000-memory.dmp

Filesize
64KB

Download
memory/5056-18-0x000001DB00280000-0x000001DB00290000-memory.dmp

Filesize
64KB

Download
memory/5056-20-0x000001DB002A0000-0x000001DB002B0000-memory.dmp

Filesize
64KB

Download
memory/5056-19-0x000001DB00290000-0x000001DB002A0000-memory.dmp

Filesize
64KB

Download
memory/5056-23-0x000001DB002B0000-0x000001DB002C0000-memory.dmp

Filesize
64KB

Download
memory/5056-24-0x000001DB002C0000-0x000001DB002D0000-memory.dmp

Filesize
64KB

Download
memory/5056-26-0x000001DB002D0000-0x000001DB002E0000-memory.dmp

Filesize
64KB

Download
memory/5056-30-0x000001DB002F0000-0x000001DB00300000-memory.dmp

Filesize
64KB

Download
memory/5056-29-0x000001DB002E0000-0x000001DB002F0000-memory.dmp

Filesize
64KB

Download
memory/5056-32-0x000001DB00300000-0x000001DB00310000-memory.dmp

Filesize
64KB

Download
memory/5056-35-0x000001DB00310000-0x000001DB00320000-memory.dmp

Filesize
64KB

Download
memory/5056-38-0x000001DB00330000-0x000001DB00340000-memory.dmp

Filesize
64KB

Download
memory/5056-14-0x000001DB00270000-0x000001DB00280000-memory.dmp

Filesize
64KB

Download
memory/5056-41-0x000001DB00340000-0x000001DB00350000-memory.dmp

Filesize
64KB

Download
memory/5056-12-0x000001DB7B440000-0x000001DB7B441000-memory.dmp

Filesize
4KB

Download
memory/5056-43-0x000001DB00270000-0x000001DB00280000-memory.dmp

Filesize
64KB

Download
memory/5056-45-0x000001DB00280000-0x000001DB00290000-memory.dmp

Filesize
64KB

Download
memory/5056-46-0x000001DB00290000-0x000001DB002A0000-memory.dmp

Filesize
64KB

Download
memory/5056-47-0x000001DB002A0000-0x000001DB002B0000-memory.dmp

Filesize
64KB

Download
memory/5056-48-0x000001DB002B0000-0x000001DB002C0000-memory.dmp

Filesize
64KB

Download
memory/5056-49-0x000001DB002C0000-0x000001DB002D0000-memory.dmp

Filesize
64KB

Download
memory/5056-50-0x000001DB002D0000-0x000001DB002E0000-memory.dmp

Filesize
64KB

Download
memory/5056-51-0x000001DB002E0000-0x000001DB002F0000-memory.dmp

Filesize
64KB

Download
memory/5056-52-0x000001DB002F0000-0x000001DB00300000-memory.dmp

Filesize
64KB

Download
memory/5056-53-0x000001DB00300000-0x000001DB00310000-memory.dmp

Filesize
64KB

Download
memory/5056-54-0x000001DB00310000-0x000001DB00320000-memory.dmp

Filesize
64KB

Download
memory/5056-56-0x000001DB00330000-0x000001DB00340000-memory.dmp

Filesize
64KB

Download
memory/5056-55-0x000001DB00320000-0x000001DB00330000-memory.dmp

Filesize
64KB

Download
memory/5056-2-0x000001DB00000000-0x000001DB00270000-memory.dmp

Filesize
2.4MB

Download