Analysis
-
max time kernel
92s
-
max time network
93s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240426-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
03-06-2024 10:16
Static task
static1
Behavioral task
behavioral1
Sample
ac88fa987a241fc845228cb8940c82a5.jar
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
ac88fa987a241fc845228cb8940c82a5.jar
Resource
win10v2004-20240426-en
General
-
Target
ac88fa987a241fc845228cb8940c82a5.jar
-
Size
5KB
-
MD5
ac88fa987a241fc845228cb8940c82a5
-
SHA1
d73e29fb07edbd9060d21a865a9ccb0f475c89d5
-
SHA256
ec691f2cd0b0281c2ae82d8a8dc32e3704d01da682b950c481da554c835342f3
-
SHA512
0c332080c1470111434b93b5860a0f864fa32d73448896a0b5d521d62c66a5a499d6a68a5fb9f490ddae3600f0d0d09923130bf8c680f59fa9de3af9e1450d3c
-
SSDEEP
96:n/4fXk7S2TGkNlZLlXmnWzDv18Dwl5rjuZZWg2DnQCYa3FSNGOon:+XkzvlwWV8Dwld9L5YSFmon
Malware Config
Signatures
-
Modifies file permissions (1 TTPs, 1 IoCs)
-
Suspicious use of WriteProcessMemory (2 IoCs)
Processes: java.exe
description | pid | process | target process
PID 1496 wrote to memory of 3068 | 1496 | java.exe | icacls.exe
PID 1496 wrote to memory of 3068 | 1496 | java.exe | icacls.exe
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\ac88fa987a241fc845228cb8940c82a5.jar
- Suspicious use of WriteProcessMemory
PID:1496
-
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
- Modifies file permissions
PID:3068
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
46B
MD5
97370ab022523837cbadb5cbe0bcb4de
SHA1
9bf4876b324602180fd6d0481dbbf7bcd4e575b0
SHA256
61159afa3f66e62a722e247de36fefa002cddb1fbf79ef45e778aded81152c2c
SHA512
dcd59eb65522ad443d32103d2e3fd3e5b79a9be87822d45f9626a8b9c9bd6a3f3217660c5341f0e100479b8a19ef3d5475069f6a91b63aafb4e24aec4854b971