Analysis

  • max time kernel
    92s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-06-2024 10:16

General

  • Target

    ac88fa987a241fc845228cb8940c82a5.jar

  • Size

    5KB

  • MD5

    ac88fa987a241fc845228cb8940c82a5

  • SHA1

    d73e29fb07edbd9060d21a865a9ccb0f475c89d5

  • SHA256

    ec691f2cd0b0281c2ae82d8a8dc32e3704d01da682b950c481da554c835342f3

  • SHA512

    0c332080c1470111434b93b5860a0f864fa32d73448896a0b5d521d62c66a5a499d6a68a5fb9f490ddae3600f0d0d09923130bf8c680f59fa9de3af9e1450d3c

  • SSDEEP

    96:n/4fXk7S2TGkNlZLlXmnWzDv18Dwl5rjuZZWg2DnQCYa3FSNGOon:+XkzvlwWV8Dwld9L5YSFmon

Score
7/10

Malware Config

Signatures

  • Modifies file permissions (1 TTP, 1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\ac88fa987a241fc845228cb8940c82a5.jar
    (process level 1)
    • Suspicious use of WriteProcessMemory
    PID:1496
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      (process level 2, child of PID 1496)
      • Modifies file permissions
      PID:3068

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

    Filesize

    46B

    MD5

    97370ab022523837cbadb5cbe0bcb4de

    SHA1

    9bf4876b324602180fd6d0481dbbf7bcd4e575b0

    SHA256

    61159afa3f66e62a722e247de36fefa002cddb1fbf79ef45e778aded81152c2c

    SHA512

    dcd59eb65522ad443d32103d2e3fd3e5b79a9be87822d45f9626a8b9c9bd6a3f3217660c5341f0e100479b8a19ef3d5475069f6a91b63aafb4e24aec4854b971

  • memory/1496-2-0x0000024502F90000-0x0000024503200000-memory.dmp

    Filesize

    2.4MB

  • memory/1496-13-0x00000245016F0000-0x00000245016F1000-memory.dmp

    Filesize

    4KB

  • memory/1496-14-0x0000024502F90000-0x0000024503200000-memory.dmp

    Filesize

    2.4MB