bfe0ebe9b41a67d6780ed4e744354f7df03bedaf39dd9a8c24a6ba8b1106b4ac

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DroidJack/DroidJack_lib/fluent-hc-4.2.5.jar
Size

21KB
MD5

5a387f6bec45cb94c7f2667c15cbf00f
SHA1

7eda2ae9f77415cf92651191e2229eae2caf0b61
SHA256

e13070f38957fc1c063895105ab64c810a3fd8b4b6ab5d45ce2d508c8d5fa192
SHA512

3d6dd064a131993a51bd66e8d100812c559365587a050a04511280092ef0cc58767bf5ca025641590c35c1b628ce20de0c56eddac63c67e4bb682ca3aaf9ed2b
SSDEEP

384:Z4O5kHnxNasdF0L3K+N72rrGczqcg6Mx/Sjd+/kxXyV3Iu52Pw+k7ozYj:t5QrkGYeGdcgZag/kxXyVF2PdYj

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4284	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 4284	1688	java.exe	86
PID 1688 wrote to memory of 4284	1688	java.exe	86

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\DroidJack\DroidJack_lib\fluent-hc-4.2.5.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
5e933402745118da24b1b417f4f62acc

SHA1
0c0da791cd4241c51a97d8b5bf1678e7fd302fb3

SHA256
ac578e853ed82d170edadfb6b1c128f78ec1fc577b8cd9a2917738341bfc0cf7

SHA512
a381478f74c5437d307355e3baa31d3d49b750bee451f38279d269a33382fc87d90a7b2184373d86b53498ad8b008d5d9a4e2179115dcb6b104d94175d1f435e

Download Submit
memory/1688-2-0x00000190690D0000-0x0000019069340000-memory.dmp

Filesize
2.4MB

Download
memory/1688-11-0x00000190677D0000-0x00000190677D1000-memory.dmp

Filesize
4KB

Download
memory/1688-13-0x00000190690D0000-0x0000019069340000-memory.dmp

Filesize
2.4MB

Download