Analysis
max time kernel: 108s
max time network: 93s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 03-06-2024 11:17
Static task: static1
Behavioral task: behavioral1
  Sample: 5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe
  Resource: win10v2004-20240426-en
General
Target: 5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe
Size: 428KB
MD5: d36be24be0afd787fbf489da9d2338ea
SHA1: 24a25aa9bc2e9bd3a3aed614c87c52fe889a249c
SHA256: 5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e
SHA512: 076b36f81c4d2cccf3c127dbd7e38e83379c05e8d2b5ad3c219977f4745644e3e5bfb6a89fa45c33b620f7f4b2250c6d3d26aa64b535b631f4bde619b26e9afa
SSDEEP: 12288:ph1UQbSAhgOWAlCwF3DMLo/r9PFCIhlrWDxwP:ph1uAFy84cZPJbyNw
Malware Config
Signatures
Loads dropped DLL (1 IoC)
  Processes: javaw.exe (PID 2020)
Modifies file permissions (1 TTP, 1 IoC)
Suspicious use of SetWindowsHookEx (8 IoCs)
  Processes: javaw.exe (PID 2020), 8 events
Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: 5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe, javaw.exe
  PID 4500 (5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe) wrote to memory of PID 2020 (javaw.exe)
  PID 4500 (5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe) wrote to memory of PID 2020 (javaw.exe)
  PID 2020 (javaw.exe) wrote to memory of PID 1976 (icacls.exe)
  PID 2020 (javaw.exe) wrote to memory of PID 1976 (icacls.exe)
Processes
1. C:\Users\Admin\AppData\Local\Temp\5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe"
   Suspicious use of WriteProcessMemory
   PID: 4500
   2. C:\Program Files\Java\jre-1.8\bin\javaw.exe
      Command line: "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe"
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID: 2020
      3. C:\Windows\system32\icacls.exe
         Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
         Modifies file permissions
         PID: 1976
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 46B
  MD5: ec9ea093e569ec00b532592f8276b7f6
  SHA1: 9baacd2e801490a0fd274689909d8058deb8dba8
  SHA256: 444d0befc856c536443dc3629e2dac5d386bbcf0993bf531e468f7e166f4279b
  SHA512: ee6eaa00922461fe17fdf2dc178db2aca8aaa45ace658e8e0da31825cf0fd34648e43b1c1cc579c44e34a848e2fe39982ab1c2a6292ca3689fc8c034f501699c
Filesize: 117KB
  MD5: 7f690e503a254e0b8349aec0177e07aa
  SHA1: 127f241871a9fe42cd8d073a0835410f3824d57c
  SHA256: 7ae714b63c2c8b940bdd211a0cc678f01168a34eea8aa13c0df25364f29238a7
  SHA512: 329b4fcd0cbb804324a2a0e41542b64949208cffb18d38af50a7ccbaa007c0baf2b241a8077b4db0f6e97385e65ada7d73f6d06a5e55411d549b5a3bf29cd641
Filesize: 83KB
  MD5: 55f4de7f270663b3dc712b8c9eed422a
  SHA1: 7432773eb4d09dc286d43fcc77ddb0e1e3bce2b4
  SHA256: 47c2871dff8948de40424df497962ea6167c56bd4d487dd2e660aa2837485e25
  SHA512: 9da5efb0236b3bb4ec72d07bfd70a9e3f373df95d97c825513babd43d2b91c8669e28f3464173e789dad092ea48fc8d32a9d11a6d5c8d9beeabd33860ce6a996