aaeebeabc0b7692d3ed3dfb5e6efb8966c87d89c5b32617eba72829d9174c26a

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 07:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CraxsRat VIP/CraxsRat VIP/res/Lib/ApkEditor.jar
Size

2.9MB
MD5

2a86a4e2a358bdef45ebdb9b1ad217b6
SHA1

6f1474287e6e6f4b1264e48eda8b88dfb7b7a47f
SHA256

6bcda26492a031fc63b0d0f7b6b4590ef5017cdecc134ee9768521b03833fe00
SHA512

1e4eec08a13e72567bd2e565ddf08a17d098e470280a057c8d4c31cfd501482fe7e381364f456a31cad1b0dae69e85140111e776bbd4b95c0a450d7d7f82baa0
SSDEEP

49152:R5DHKV0tkwisQD+Dt+C4e/4sLbTJ8Jxi18ZqByspA7P41Mwsw3Ga:Lz00tkw9Qa+BegsLbS3ksP4Nn3h

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

1936 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 3412 wrote to memory of 1936 3412 java.exe icacls.exe
PID 3412 wrote to memory of 1936 3412 java.exe icacls.exe

pid	process
1936	icacls.exe

description	pid	process	target process
PID 3412 wrote to memory of 1936	3412	java.exe	icacls.exe
PID 3412 wrote to memory of 1936	3412	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\CraxsRat VIP\CraxsRat VIP\res\Lib\ApkEditor.jar"
1⤵
- Suspicious use of WriteProcessMemory
PID:3412

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:1936

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
95b740bd2bbcdd7582b5a234dc4d942f

SHA1
350653d9869e4d3a860b215e1c5997e489f16c50

SHA256
ad2e97e5c50d6aea43b8a3c1faeb6befe4fda2533d6696260206f6524e6cf633

SHA512
0eef485e1fe1633077ca748bdd038f95d392180a82a38f13aff3c75a6905b530d2adffb9bf589e25926341d3458370979041807bf38e2030d43244ca29dc6912

Download Submit
memory/3412-2-0x000002AB9EFF0000-0x000002AB9F260000-memory.dmp

Filesize
2.4MB

Download
memory/3412-13-0x000002AB9EFD0000-0x000002AB9EFD1000-memory.dmp

Filesize
4KB

Download
memory/3412-14-0x000002AB9EFF0000-0x000002AB9F260000-memory.dmp

Filesize
2.4MB

Download