bfe0ebe9b41a67d6780ed4e744354f7df03bedaf39dd9a8c24a6ba8b1106b4ac

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DroidJack/DroidJack_lib/kryonet-2.21-all.jar
Size

329KB
MD5

3c05283c589306a23b8602c5bc474361
SHA1

d906a8f689f340b39a7f78bf9b4474aa819d7391
SHA256

eab8c51e0e3a11bb1411ace21d9876184d5084fde82ee298da03ca0627499151
SHA512

1aea27eb1b029ae1773e7b0ffebab51de79ee8746762ba153c4b20fd23b4c59f7c96804a08cc654b5ab9dc2135db14bccd69a6fe69e5677c3bd639f3176fc74c
SSDEEP

6144:TuCLxaF2a4FlrHUuOG8RhoSPPN9NO/G+yspLXbCjL:Hc25UVHVO/Hl3Cv

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4004	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3248 wrote to memory of 4004	3248	java.exe	87
PID 3248 wrote to memory of 4004	3248	java.exe	87

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\DroidJack\DroidJack_lib\kryonet-2.21-all.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3248
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
bf6f955e501fc048b16f609b87e99af3

SHA1
6f7903685ef4749f63ae2d6e7ec9aa9112021caa

SHA256
70f45d2c931e3e25b6b6460d02e9153c60ceabca2bff513b826b76afdc013d71

SHA512
fe29378e85ebfc35abdcf8f166214c31b802d72ddc75df413577b23dc558eecb076702b63c6005a3120133b69eaa225bbfb541f377be677f74ff540e6e74f8a1

Download Submit
memory/3248-2-0x0000016A22F40000-0x0000016A231B0000-memory.dmp

Filesize
2.4MB

Download
memory/3248-12-0x0000016A216F0000-0x0000016A216F1000-memory.dmp

Filesize
4KB

Download
memory/3248-13-0x0000016A22F40000-0x0000016A231B0000-memory.dmp

Filesize
2.4MB

Download