Analysis

  • max time kernel
    91s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-06-2024 12:31

General

  • Target

    macjihuo-2022/micool_macconfig/configfile/micool2019.jar

  • Size

    2.3MB

  • MD5

    b7650f3603805693d7633b64a755b416

  • SHA1

    de72619132579a7fde5a441f880955087d32f6ed

  • SHA256

    e3055d5b636b39d5609b8cfa28da2d8955615985fad53a5c27baac51cadbc698

  • SHA512

    55c059b134c705460fc6ae4d5a1e87890dcda2a9dd8f587e6941f9003851fc703d04789d8ef58fd9e625fef86fc3a5cddebc2c25765a0444942da32f97d21ef0

  • SSDEEP

    49152:gxb6HEDaGHPVguuB1Gfgl5lXsfYCtfoPios0FNFDBrcLEmuYS:gxb6kDJH9dfglTXaltKioRfiEmu9

Score
7/10

Malware Config

Signatures

  • Modifies file permissions (1 TTP, 1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (PID 1400, depth 1)
    Command line: java -jar C:\Users\Admin\AppData\Local\Temp\macjihuo-2022\micool_macconfig\configfile\micool2019.jar
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\icacls.exe (PID 720, depth 2, child of PID 1400)
      Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      • Modifies file permissions

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

    Filesize

    46B

    MD5

    3ecfd3a15ec5e7ed2515b1a5eadccb97

    SHA1

    f4a57fe6caea99b2a9ae6a893be90d2c46f3dab2

    SHA256

    cf7f77b1a0c1d0b9a435ed64ceeb222eac204ba6934a78e89aed5ceb374dd674

    SHA512

    155ac125458b8a608b95a21c9ad446973a981ada01f5a0b20b6a11b2085ba8bd98420cfba1e18a56a188ff04cf62f63c54dec26b3a4657169da639375c939220
