1ec78e3e975aeba33f4bb88b25f9ea4829ef699e2b3a6edaee7a639b0e688bab

Analysis

max time kernel
149s
max time network
135s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04/06/2024, 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1.5_02.jar
Size

447KB
MD5

edbcec2e58bd5a03954ba7d745dee604
SHA1

a17bcc9bcbe0685dd485f9fb15764e85b5888619
SHA256

1ec78e3e975aeba33f4bb88b25f9ea4829ef699e2b3a6edaee7a639b0e688bab
SHA512

59b394177d5fadf1cb66d48360540d4dd731ece9d48f1fae1a1928ad54790d83758c485dd88a5f788d6f86ad26f7fc2ebe749ad2a38b25c083f44e29d6682950
SSDEEP

12288:cXYGH2DGulo+PVf6PlZ7UCZ2qhAH2uB2+42ZhfDl/I4:u2Bh6NiCwiVV2ZXZ

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4024	icacls.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4760	java.exe
4760	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 4024	4760	java.exe	74
PID 4760 wrote to memory of 4024	4760	java.exe	74

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\b1.5_02.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
5a0c11e093cd319fadbd828d09425cef

SHA1
a777fff6243bd72dda8a2f4b83e4ada453e386f3

SHA256
08c619d7eac8ad534f97e6cb7e67af34a95e702ce3927b1fb2911f3e595d0556

SHA512
3c17a6d8754ddb62e919b74d932ec47bd02a03054aa98dbc46b80e066f0bcff9a76ccd34c77418b5208e9a504ca241168e98db14d41846613338c85e2f55ec70

Download Submit
C:\Users\Admin\AppData\Local\Temp\server.properties

Filesize
263B

MD5
146c2e80bf9c75c6d37167dea4192411

SHA1
9ca7c23c3b68ce686399d8f96b437b2ef500a5d3

SHA256
8df7dc1a7c2da7fd6c9acace05ed0e8c7adb97aa61a348cf020690204bb08a89

SHA512
7e58a1687869353c24d522e258117a245eb5229947e82011a0ad59c39bc8338ce81f726e37d1b1b89a31a49615330bae7753b26c0b6e68dd0df5741e518d6e2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\world\session.lock

Filesize
8B

MD5
2b5adee4603228857a715ad42e36984a

SHA1
fa8bf04456788f15bba3ead6d783fae925cbfbc6

SHA256
1df797690c7ad422d0cafe37aec4b40d63bdd51ce0db3623ee0f8691e45551cb

SHA512
8f6cedc437874b884a37ddf4b025d55b674108397d10b4a036919f4460b4de8f93998e96ec7abf74117d965473211665070b9a8200de9a376974d00ace961de9

Download Submit
memory/4760-2-0x0000023D2A9F0000-0x0000023D2AC60000-memory.dmp

Filesize
2.4MB

Download
memory/4760-12-0x0000023D2A9D0000-0x0000023D2A9D1000-memory.dmp

Filesize
4KB

Download
memory/4760-24-0x0000023D2AC60000-0x0000023D2AC70000-memory.dmp

Filesize
64KB

Download
memory/4760-27-0x0000023D2AC70000-0x0000023D2AC80000-memory.dmp

Filesize
64KB

Download
memory/4760-26-0x0000023D2A9D0000-0x0000023D2A9D1000-memory.dmp

Filesize
4KB

Download
memory/4760-29-0x0000023D2AC80000-0x0000023D2AC90000-memory.dmp

Filesize
64KB

Download
memory/4760-31-0x0000023D2AC90000-0x0000023D2ACA0000-memory.dmp

Filesize
64KB

Download
memory/4760-37-0x0000023D2ACA0000-0x0000023D2ACB0000-memory.dmp

Filesize
64KB

Download
memory/4760-39-0x0000023D2ACB0000-0x0000023D2ACC0000-memory.dmp

Filesize
64KB

Download
memory/4760-38-0x0000023D2ACC0000-0x0000023D2ACD0000-memory.dmp

Filesize
64KB

Download
memory/4760-41-0x0000023D2ACD0000-0x0000023D2ACE0000-memory.dmp

Filesize
64KB

Download
memory/4760-43-0x0000023D2ACE0000-0x0000023D2ACF0000-memory.dmp

Filesize
64KB

Download
memory/4760-47-0x0000023D2A9F0000-0x0000023D2AC60000-memory.dmp

Filesize
2.4MB

Download
memory/4760-50-0x0000023D2AD10000-0x0000023D2AD20000-memory.dmp

Filesize
64KB

Download
memory/4760-53-0x0000023D2AC60000-0x0000023D2AC70000-memory.dmp

Filesize
64KB

Download
memory/4760-54-0x0000023D2AD20000-0x0000023D2AD30000-memory.dmp

Filesize
64KB

Download
memory/4760-49-0x0000023D2AD00000-0x0000023D2AD10000-memory.dmp

Filesize
64KB

Download
memory/4760-48-0x0000023D2ACF0000-0x0000023D2AD00000-memory.dmp

Filesize
64KB

Download
memory/4760-70-0x0000023D2AD30000-0x0000023D2AD40000-memory.dmp

Filesize
64KB

Download
memory/4760-83-0x0000023D2AD90000-0x0000023D2ADA0000-memory.dmp

Filesize
64KB

Download
memory/4760-89-0x0000023D2ADA0000-0x0000023D2ADB0000-memory.dmp

Filesize
64KB

Download
memory/4760-102-0x0000023D2ACB0000-0x0000023D2ACC0000-memory.dmp

Filesize
64KB

Download
memory/4760-103-0x0000023D2ADF0000-0x0000023D2AE00000-memory.dmp

Filesize
64KB

Download
memory/4760-98-0x0000023D2ADE0000-0x0000023D2ADF0000-memory.dmp

Filesize
64KB

Download
memory/4760-95-0x0000023D2ACA0000-0x0000023D2ACB0000-memory.dmp

Filesize
64KB

Download
memory/4760-96-0x0000023D2ACC0000-0x0000023D2ACD0000-memory.dmp

Filesize
64KB

Download
memory/4760-97-0x0000023D2ADD0000-0x0000023D2ADE0000-memory.dmp

Filesize
64KB

Download
memory/4760-91-0x0000023D2ADC0000-0x0000023D2ADD0000-memory.dmp

Filesize
64KB

Download
memory/4760-90-0x0000023D2ADB0000-0x0000023D2ADC0000-memory.dmp

Filesize
64KB

Download
memory/4760-82-0x0000023D2AD80000-0x0000023D2AD90000-memory.dmp

Filesize
64KB

Download
memory/4760-81-0x0000023D2AD70000-0x0000023D2AD80000-memory.dmp

Filesize
64KB

Download
memory/4760-88-0x0000023D2AC90000-0x0000023D2ACA0000-memory.dmp

Filesize
64KB

Download
memory/4760-80-0x0000023D2AD60000-0x0000023D2AD70000-memory.dmp

Filesize
64KB

Download
memory/4760-79-0x0000023D2AD50000-0x0000023D2AD60000-memory.dmp

Filesize
64KB

Download
memory/4760-69-0x0000023D2AC70000-0x0000023D2AC80000-memory.dmp

Filesize
64KB

Download
memory/4760-78-0x0000023D2AD40000-0x0000023D2AD50000-memory.dmp

Filesize
64KB

Download
memory/4760-77-0x0000023D2AC80000-0x0000023D2AC90000-memory.dmp

Filesize
64KB

Download
memory/4760-111-0x0000023D2AE20000-0x0000023D2AE30000-memory.dmp

Filesize
64KB

Download
memory/4760-110-0x0000023D2AE00000-0x0000023D2AE10000-memory.dmp

Filesize
64KB

Download
memory/4760-109-0x0000023D2AE10000-0x0000023D2AE20000-memory.dmp

Filesize
64KB

Download
memory/4760-108-0x0000023D2ACD0000-0x0000023D2ACE0000-memory.dmp

Filesize
64KB

Download
memory/4760-123-0x0000023D2AE60000-0x0000023D2AE70000-memory.dmp

Filesize
64KB

Download
memory/4760-125-0x0000023D2AE70000-0x0000023D2AE80000-memory.dmp

Filesize
64KB

Download
memory/4760-130-0x0000023D2AE80000-0x0000023D2AE90000-memory.dmp

Filesize
64KB

Download
memory/4760-133-0x0000023D2AD30000-0x0000023D2AD40000-memory.dmp

Filesize
64KB

Download
memory/4760-135-0x0000023D2AEB0000-0x0000023D2AEC0000-memory.dmp

Filesize
64KB

Download
memory/4760-134-0x0000023D2AEA0000-0x0000023D2AEB0000-memory.dmp

Filesize
64KB

Download
memory/4760-131-0x0000023D2AE90000-0x0000023D2AEA0000-memory.dmp

Filesize
64KB

Download
memory/4760-129-0x0000023D2AD20000-0x0000023D2AD30000-memory.dmp

Filesize
64KB

Download
memory/4760-124-0x0000023D2AD10000-0x0000023D2AD20000-memory.dmp

Filesize
64KB

Download
memory/4760-122-0x0000023D2AE40000-0x0000023D2AE50000-memory.dmp

Filesize
64KB

Download
memory/4760-119-0x0000023D2AD00000-0x0000023D2AD10000-memory.dmp

Filesize
64KB

Download
memory/4760-118-0x0000023D2ACF0000-0x0000023D2AD00000-memory.dmp

Filesize
64KB

Download
memory/4760-115-0x0000023D2AE50000-0x0000023D2AE60000-memory.dmp

Filesize
64KB

Download
memory/4760-114-0x0000023D2AE30000-0x0000023D2AE40000-memory.dmp

Filesize
64KB

Download
memory/4760-113-0x0000023D2ACE0000-0x0000023D2ACF0000-memory.dmp

Filesize
64KB

Download
memory/4760-148-0x0000023D2AEE0000-0x0000023D2AEF0000-memory.dmp

Filesize
64KB

Download
memory/4760-147-0x0000023D2AED0000-0x0000023D2AEE0000-memory.dmp

Filesize
64KB

Download
memory/4760-146-0x0000023D2AEC0000-0x0000023D2AED0000-memory.dmp

Filesize
64KB

Download
memory/4760-145-0x0000023D2AD90000-0x0000023D2ADA0000-memory.dmp

Filesize
64KB

Download
memory/4760-144-0x0000023D2AD80000-0x0000023D2AD90000-memory.dmp

Filesize
64KB

Download
memory/4760-143-0x0000023D2AD70000-0x0000023D2AD80000-memory.dmp

Filesize
64KB

Download
memory/4760-142-0x0000023D2AD60000-0x0000023D2AD70000-memory.dmp

Filesize
64KB

Download
memory/4760-141-0x0000023D2AD50000-0x0000023D2AD60000-memory.dmp

Filesize
64KB

Download
memory/4760-140-0x0000023D2AD40000-0x0000023D2AD50000-memory.dmp

Filesize
64KB

Download
memory/4760-153-0x0000023D2ADC0000-0x0000023D2ADD0000-memory.dmp

Filesize
64KB

Download
memory/4760-162-0x0000023D2AF20000-0x0000023D2AF30000-memory.dmp

Filesize
64KB

Download
memory/4760-161-0x0000023D2AF10000-0x0000023D2AF20000-memory.dmp

Filesize
64KB

Download
memory/4760-163-0x0000023D2AF30000-0x0000023D2AF40000-memory.dmp

Filesize
64KB

Download
memory/4760-160-0x0000023D2ADE0000-0x0000023D2ADF0000-memory.dmp

Filesize
64KB

Download
memory/4760-155-0x0000023D2AF00000-0x0000023D2AF10000-memory.dmp

Filesize
64KB

Download
memory/4760-154-0x0000023D2AEF0000-0x0000023D2AF00000-memory.dmp

Filesize
64KB

Download
memory/4760-159-0x0000023D2ADD0000-0x0000023D2ADE0000-memory.dmp

Filesize
64KB

Download
memory/4760-152-0x0000023D2ADB0000-0x0000023D2ADC0000-memory.dmp

Filesize
64KB

Download
memory/4760-151-0x0000023D2ADA0000-0x0000023D2ADB0000-memory.dmp

Filesize
64KB

Download
memory/4760-167-0x0000023D2AF40000-0x0000023D2AF50000-memory.dmp

Filesize
64KB

Download
memory/4760-166-0x0000023D2AE00000-0x0000023D2AE10000-memory.dmp

Filesize
64KB

Download
memory/4760-165-0x0000023D2ADF0000-0x0000023D2AE00000-memory.dmp

Filesize
64KB

Download
memory/4760-172-0x0000023D2AF50000-0x0000023D2AF60000-memory.dmp

Filesize
64KB

Download
memory/4760-171-0x0000023D2AE20000-0x0000023D2AE30000-memory.dmp

Filesize
64KB

Download
memory/4760-170-0x0000023D2AE10000-0x0000023D2AE20000-memory.dmp

Filesize
64KB

Download
memory/4760-174-0x0000023D2AE30000-0x0000023D2AE40000-memory.dmp

Filesize
64KB

Download
memory/4760-176-0x0000023D2AF60000-0x0000023D2AF70000-memory.dmp

Filesize
64KB

Download
memory/4760-175-0x0000023D2AE50000-0x0000023D2AE60000-memory.dmp

Filesize
64KB

Download
memory/4760-180-0x0000023D2AF70000-0x0000023D2AF80000-memory.dmp

Filesize
64KB

Download
memory/4760-179-0x0000023D2AE60000-0x0000023D2AE70000-memory.dmp

Filesize
64KB

Download
memory/4760-178-0x0000023D2AE40000-0x0000023D2AE50000-memory.dmp

Filesize
64KB

Download
memory/4760-185-0x0000023D2AF80000-0x0000023D2AF90000-memory.dmp

Filesize
64KB

Download
memory/4760-184-0x0000023D2AE70000-0x0000023D2AE80000-memory.dmp

Filesize
64KB

Download
memory/4760-191-0x0000023D2AFA0000-0x0000023D2AFB0000-memory.dmp

Filesize
64KB

Download
memory/4760-190-0x0000023D2AE90000-0x0000023D2AEA0000-memory.dmp

Filesize
64KB

Download
memory/4760-189-0x0000023D2AE80000-0x0000023D2AE90000-memory.dmp

Filesize
64KB

Download
memory/4760-194-0x0000023D2AFB0000-0x0000023D2AFC0000-memory.dmp

Filesize
64KB

Download
memory/4760-193-0x0000023D2AEB0000-0x0000023D2AEC0000-memory.dmp

Filesize
64KB

Download
memory/4760-192-0x0000023D2AEA0000-0x0000023D2AEB0000-memory.dmp

Filesize
64KB

Download
memory/4760-198-0x0000023D2AEE0000-0x0000023D2AEF0000-memory.dmp

Filesize
64KB

Download
memory/4760-197-0x0000023D2AED0000-0x0000023D2AEE0000-memory.dmp

Filesize
64KB

Download
memory/4760-196-0x0000023D2AEC0000-0x0000023D2AED0000-memory.dmp

Filesize
64KB

Download
memory/4760-272-0x0000023D2A9D0000-0x0000023D2A9D1000-memory.dmp

Filesize
4KB

Download
memory/4760-376-0x0000023D2A9D0000-0x0000023D2A9D1000-memory.dmp

Filesize
4KB

Download
memory/4760-374-0x0000023D2A9D0000-0x0000023D2A9D1000-memory.dmp

Filesize
4KB

Download
memory/4760-396-0x0000023D2A9D0000-0x0000023D2A9D1000-memory.dmp

Filesize
4KB

Download