Resubmissions

13-06-2024 23:08

240613-24m7sayarl 7

13-06-2024 23:04

240613-22dkkavaka 7

13-06-2024 23:02

240613-2z9vzsthmh 7

Analysis

  • max time kernel
    283s
  • max time network
    269s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 23:02

General

  • Target

    meteor-client-0.5.0.jar

  • Size

    4.1MB

  • MD5

    72336238447f8a773f037c3de8b82ff1

  • SHA1

    c723941e438517c11baa458b11829c6b11378b14

  • SHA256

    528047bd3be7051a8d34316febd6903b30e0ef537fa26d5cc3dfed1ea24183ba

  • SHA512

    ae079beab76c89ca8c4bb1b8d0e2c457ff04d91a1c4d343731689104d2bee7dd054abe4318a3a778a1f0876dd5a05d4336da7e2089bef733ce878409b1f4f834

  • SSDEEP

    98304:c1QAucdVkq4HI9srLOzEnBZNsnhAU/l3YNuPU3:kQwdVL4HI9ya6B/snhVlguPU3
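Before reading anything else in this report against a file you hold, confirm the file is the same sample: recompute every digest listed above (a match on one and a mismatch on another means a different file) and read the JAR's manifest without executing it. The script below is an added example, not code from the report or from the meteor-client project; it copies the four reported digest values verbatim, and the JAR it builds in build_sample_jar() is constructed only so the code runs offline, so it deliberately does not match the report.

```python
"""Confirm a local file is the analysed sample and inspect the JAR's manifest.

Added example, not part of the sandbox report. The REPORTED digests are copied
from the report's General section; the sample JAR built below is constructed
for offline use and is not the real meteor-client-0.5.0.jar.
"""
import hashlib
import io
import zipfile

REPORTED = {
    "md5": "72336238447f8a773f037c3de8b82ff1",
    "sha1": "c723941e438517c11baa458b11829c6b11378b14",
    "sha256": "528047bd3be7051a8d34316febd6903b30e0ef537fa26d5cc3dfed1ea24183ba",
    "sha512": "ae079beab76c89ca8c4bb1b8d0e2c457ff04d91a1c4d343731689104d2bee7dd"
              "054abe4318a3a778a1f0876dd5a05d4336da7e2089bef733ce878409b1f4f834",
}


def digests(data):
    """Compute md5/sha1/sha256/sha512 of bytes (or a binary file object) in one pass."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    stream = io.BytesIO(data) if isinstance(data, (bytes, bytearray)) else data
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(data):
    """True only when every reported digest agrees with the file in hand."""
    computed = digests(data)
    return all(computed[k] == v for k, v in REPORTED.items())


def parse_manifest(text):
    """Parse the main section of MANIFEST.MF; folded lines start with one space."""
    attrs, key = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            break  # a blank line ends the main section
        if raw.startswith(" ") and key:
            attrs[key] += raw[1:]
        elif ":" in raw:
            key, _, value = raw.partition(":")
            attrs[key.strip()] = value.strip()
    return attrs


def inspect_jar(data):
    """Summarise a JAR: entry points, class count, and native or nested payloads."""
    payload_ext = (".exe", ".dll", ".so", ".dylib", ".jar", ".ps1", ".bat")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        manifest = {}
        if "META-INF/MANIFEST.MF" in names:
            manifest = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
        return {
            "main_class": manifest.get("Main-Class"),
            "premain_class": manifest.get("Premain-Class"),
            "class_count": sum(n.endswith(".class") for n in names),
            "native_or_nested": sorted(n for n in names if n.lower().endswith(payload_ext)),
        }


def build_sample_jar():
    """Constructed stand-in JAR so the example runs offline; not the analysed file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: example.Launcher\r\n"
                    "Class-Path: lib/a.jar lib/b.jar lib/c.jar lib/d.jar lib/e.jar lib/f.j\r\n ar\r\n\r\n")
        zf.writestr("example/Launcher.class", b"\xca\xfe\xba\xbe")
        zf.writestr("natives/helper.dll", b"MZ")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_jar()
    print("matches report:", matches_report(sample))
    print(inspect_jar(sample))
```

On a real copy, pass `open(path, "rb")` to `digests()`/`matches_report()`; a manifest with an unexpected Main-Class, a Premain-Class (an instrumentation agent), or native libraries packed beside the classes is what to pull apart next.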

Score
7/10

Malware Config

Signatures

  • Modifies file permissions (1 TTP, 1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (PID 2344)
    java -jar C:\Users\Admin\AppData\Local\Temp\meteor-client-0.5.0.jar
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\icacls.exe (PID 1520)
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      • Modifies file permissions
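The only ACL change in the process tree is java.exe (PID 2344) spawning icacls.exe to grant Everyone Modify, with object and container inheritance, on C:\ProgramData\Oracle\Java\.oracle_jre_usage. That directory, and the 46-byte .timestamp file dropped into it, belong to the Oracle JRE's usage tracker, which the java.exe launcher sets up itself; the same command line appears for any program run under that runtime, so this particular "Modifies file permissions" hit is a property of the JRE, not of the JAR's code. The script below is an added example, not part of the report, that parses icacls grants out of process-creation events and separates that known case from a genuinely suspicious world-writable grant. The event records are constructed: the first mirrors the report's tree exactly, the other two are hypothetical contrasts, and the field names (pid, ppid, parent_image, image, command_line) are an assumption loosely modelled on Sysmon Event ID 1.

```python
"""Triage of icacls ACL grants seen in a process tree.

Added example, not part of the sandbox report. The events are constructed;
field names are an assumption modelled loosely on Sysmon Event ID 1.
"""
import re

# Principals that make a grant effective for every local account.
BROAD_PRINCIPALS = {"everyone", "*s-1-1-0", "users", "builtin\\users",
                    "authenticated users", "*s-1-5-11"}
# icacls simple rights that include write access (Modify, Full, Write).
WRITE_SIMPLE = {"M", "F", "W"}
# icacls specific rights that include write access.
WRITE_SPECIFIC = {"GA", "GW", "WD", "AD", "WA", "WEA", "WDAC", "WO", "DC"}
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}

# Oracle's java.exe launcher creates this directory for its JRE usage tracker and
# grants Everyone Modify on it itself, so a hit on this exact path is informational.
JRE_USAGE_DIR = r"c:\programdata\oracle\java\.oracle_jre_usage"

_TOKEN_RE = re.compile(r'(?:"[^"]*"|[^\s"])+')


def tokenize(command_line):
    """Split a Windows command line, keeping quoted spans inside one token."""
    return [t.replace('"', "") for t in _TOKEN_RE.findall(command_line)]


def parse_grant(spec):
    """Parse one icacls grant such as everyone:(OI)(CI)M into principal, inheritance, writability."""
    who, _, perm = spec.partition(":")
    groups = re.findall(r"\(([^)]*)\)", perm)
    inherit = {g for g in groups if g in INHERIT_FLAGS}
    specific = set()
    for g in groups:
        if g not in INHERIT_FLAGS:
            specific.update(x.strip() for x in g.split(","))
    simple = re.sub(r"\([^)]*\)", "", perm).strip()
    writable = simple in WRITE_SIMPLE or bool(specific & WRITE_SPECIFIC)
    return {"principal": who.lower(), "inherit": inherit, "writable": writable}


def parse_icacls(command_line):
    """Return (target_path, [grants]) for an icacls command line."""
    tokens = tokenize(command_line)
    if len(tokens) < 2:
        return None, []
    target, grants, in_grant = tokens[1], [], False
    for tok in tokens[2:]:
        if tok.startswith("/"):
            in_grant = tok.lower().startswith("/grant")  # /grant or /grant:r
            continue
        if in_grant and ":" in tok:
            grants.append(parse_grant(tok))
    return target, grants


def triage_event(event):
    """Classify one process-creation event; None when it is not an icacls grant of interest."""
    if not event["image"].lower().endswith("icacls.exe"):
        return None
    target, grants = parse_icacls(event["command_line"])
    hits = [g for g in grants
            if g["principal"] in BROAD_PRINCIPALS and g["writable"] and g["inherit"] & {"OI", "CI"}]
    if not hits:
        return None
    if target and target.lower() == JRE_USAGE_DIR:
        verdict = "info: Oracle JRE usage-tracker ACL, expected under java.exe"
    else:
        verdict = "suspicious: world-writable inheritable ACL"
    return {"pid": event["pid"], "parent": event["parent_image"], "target": target, "verdict": verdict}


def triage_events(events):
    return [r for r in (triage_event(e) for e in events) if r]


# Constructed events: the first mirrors the report's process tree; the second is a
# hypothetical real loosening of a program directory; the third is a narrow grant.
SAMPLE_EVENTS = [
    {"pid": 1520, "ppid": 2344,
     "parent_image": r"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe",
     "image": r"C:\Windows\system32\icacls.exe",
     "command_line": r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M'},
    {"pid": 4040, "ppid": 2344,
     "parent_image": r"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe",
     "image": r"C:\Windows\system32\icacls.exe",
     "command_line": r'icacls.exe "C:\Program Files\ExampleApp" /grant Everyone:(OI)(CI)F'},
    {"pid": 4100, "ppid": 900,
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\system32\icacls.exe",
     "command_line": r"icacls.exe C:\Users\Admin\notes /grant Admin:R"},
]

if __name__ == "__main__":
    for result in triage_events(SAMPLE_EVENTS):
        print(result)
```

The path allow-list is deliberately exact: a world-writable grant anywhere else under ProgramData or Program Files is a DLL-planting or privilege-escalation primitive and should keep its "suspicious" verdict even when the parent is java.exe.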

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize: 46B
    MD5: 6bcdd5954aa6c06841c656b7c401fdbe
    SHA1: 89ac63070e91b20f8e06bb0c0b5f48b526decad7
    SHA256: 01187537eb60ac941318ad5619b057f3c8772308b668ba9bc8deffbbe6c6f12a
    SHA512: 1ad94d594d20c159acdc168fe5a3cf1d9744fe8c99a69ad0e4db8bf33258e90b3b7e0fb14feb865d0fb7e154f2300ebdb31da441fac5fb2da8b9338300649cb6

  • memory/2344-2-0x00000249CFC00000-0x00000249CFE70000-memory.dmp (2.4MB)
  • memory/2344-15-0x00000249CE310000-0x00000249CE311000-memory.dmp (4KB)
  • memory/2344-19-0x00000249CE310000-0x00000249CE311000-memory.dmp (4KB)
  • memory/2344-24-0x00000249CFE70000-0x00000249CFE80000-memory.dmp (64KB)
  • memory/2344-27-0x00000249CFE80000-0x00000249CFE90000-memory.dmp (64KB)
  • memory/2344-30-0x00000249CFE90000-0x00000249CFEA0000-memory.dmp (64KB)
  • memory/2344-32-0x00000249CFEA0000-0x00000249CFEB0000-memory.dmp (64KB)
  • memory/2344-34-0x00000249CFEB0000-0x00000249CFEC0000-memory.dmp (64KB)
  • memory/2344-36-0x00000249CFEC0000-0x00000249CFED0000-memory.dmp (64KB)
  • memory/2344-40-0x00000249CFED0000-0x00000249CFEE0000-memory.dmp (64KB)
  • memory/2344-43-0x00000249CFC00000-0x00000249CFE70000-memory.dmp (2.4MB)
  • memory/2344-44-0x00000249CFEE0000-0x00000249CFEF0000-memory.dmp (64KB)
  • memory/2344-46-0x00000249CFEF0000-0x00000249CFF00000-memory.dmp (64KB)
  • memory/2344-49-0x00000249CFF00000-0x00000249CFF10000-memory.dmp (64KB)
  • memory/2344-52-0x00000249CFE70000-0x00000249CFE80000-memory.dmp (64KB)
  • memory/2344-53-0x00000249CFF10000-0x00000249CFF20000-memory.dmp (64KB)
  • memory/2344-56-0x00000249CFF20000-0x00000249CFF30000-memory.dmp (64KB)
  • memory/2344-55-0x00000249CFE80000-0x00000249CFE90000-memory.dmp (64KB)
  • memory/2344-60-0x00000249CFF30000-0x00000249CFF40000-memory.dmp (64KB)
  • memory/2344-59-0x00000249CFE90000-0x00000249CFEA0000-memory.dmp (64KB)
  • memory/2344-62-0x00000249CFEA0000-0x00000249CFEB0000-memory.dmp (64KB)
  • memory/2344-63-0x00000249CFF40000-0x00000249CFF50000-memory.dmp (64KB)
  • memory/2344-65-0x00000249CFEB0000-0x00000249CFEC0000-memory.dmp (64KB)
  • memory/2344-69-0x00000249CFEC0000-0x00000249CFED0000-memory.dmp (64KB)
  • memory/2344-70-0x00000249CFF50000-0x00000249CFF60000-memory.dmp (64KB)
  • memory/2344-73-0x00000249CFED0000-0x00000249CFEE0000-memory.dmp (64KB)
  • memory/2344-74-0x00000249CFF60000-0x00000249CFF70000-memory.dmp (64KB)
  • memory/2344-77-0x00000249CFF70000-0x00000249CFF80000-memory.dmp (64KB)
  • memory/2344-76-0x00000249CFEE0000-0x00000249CFEF0000-memory.dmp (64KB)
  • memory/2344-79-0x00000249CFEF0000-0x00000249CFF00000-memory.dmp (64KB)
  • memory/2344-80-0x00000249CFF80000-0x00000249CFF90000-memory.dmp (64KB)
  • memory/2344-82-0x00000249CFF00000-0x00000249CFF10000-memory.dmp (64KB)
  • memory/2344-83-0x00000249CFF90000-0x00000249CFFA0000-memory.dmp (64KB)
  • memory/2344-85-0x00000249CFF10000-0x00000249CFF20000-memory.dmp (64KB)
  • memory/2344-86-0x00000249CFFA0000-0x00000249CFFB0000-memory.dmp (64KB)
  • memory/2344-89-0x00000249CFF20000-0x00000249CFF30000-memory.dmp (64KB)
  • memory/2344-91-0x00000249CFF30000-0x00000249CFF40000-memory.dmp (64KB)
  • memory/2344-94-0x00000249CFF40000-0x00000249CFF50000-memory.dmp (64KB)
  • memory/2344-95-0x00000249CFFB0000-0x00000249CFFC0000-memory.dmp (64KB)
  • memory/2344-97-0x00000249CFFC0000-0x00000249CFFD0000-memory.dmp (64KB)
  • memory/2344-101-0x00000249CFFD0000-0x00000249CFFE0000-memory.dmp (64KB)
  • memory/2344-100-0x00000249CFF50000-0x00000249CFF60000-memory.dmp (64KB)
  • memory/2344-103-0x00000249CFF60000-0x00000249CFF70000-memory.dmp (64KB)
  • memory/2344-104-0x00000249CFF70000-0x00000249CFF80000-memory.dmp (64KB)
  • memory/2344-107-0x00000249CFF80000-0x00000249CFF90000-memory.dmp (64KB)
  • memory/2344-108-0x00000249CFFE0000-0x00000249CFFF0000-memory.dmp (64KB)
  • memory/2344-110-0x00000249CFF90000-0x00000249CFFA0000-memory.dmp (64KB)
  • memory/2344-111-0x00000249CFFA0000-0x00000249CFFB0000-memory.dmp (64KB)
  • memory/2344-113-0x00000249CFFB0000-0x00000249CFFC0000-memory.dmp (64KB)
  • memory/2344-116-0x00000249CFFC0000-0x00000249CFFD0000-memory.dmp (64KB)
  • memory/2344-117-0x00000249CFFD0000-0x00000249CFFE0000-memory.dmp (64KB)
  • memory/2344-121-0x00000249CFFE0000-0x00000249CFFF0000-memory.dmp (64KB)
  • memory/2344-126-0x00000249CFFF0000-0x00000249D0000000-memory.dmp (64KB)
  • memory/2344-136-0x00000249D0000000-0x00000249D0010000-memory.dmp (64KB)
  • memory/2344-135-0x00000249CFFF0000-0x00000249D0000000-memory.dmp (64KB)
  • memory/2344-140-0x00000249D0010000-0x00000249D0020000-memory.dmp (64KB)
  • memory/2344-142-0x00000249D0000000-0x00000249D0010000-memory.dmp (64KB)
  • memory/2344-147-0x00000249D0010000-0x00000249D0020000-memory.dmp (64KB)
  • memory/2344-148-0x00000249D0020000-0x00000249D0030000-memory.dmp (64KB)
  • memory/2344-152-0x00000249D0030000-0x00000249D0040000-memory.dmp (64KB)
  • memory/2344-158-0x00000249D0040000-0x00000249D0050000-memory.dmp (64KB)
  • memory/2344-160-0x00000249D0020000-0x00000249D0030000-memory.dmp (64KB)
  • memory/2344-161-0x00000249D0030000-0x00000249D0040000-memory.dmp (64KB)
  • memory/2344-162-0x00000249D0050000-0x00000249D0060000-memory.dmp (64KB)
  • memory/2344-163-0x00000249D0040000-0x00000249D0050000-memory.dmp (64KB)
  • memory/2344-164-0x00000249D0050000-0x00000249D0060000-memory.dmp (64KB)
  • memory/2344-166-0x00000249D0060000-0x00000249D0070000-memory.dmp (64KB)
  • memory/2344-172-0x00000249D0070000-0x00000249D0080000-memory.dmp (64KB)
  • memory/2344-176-0x00000249D0080000-0x00000249D0090000-memory.dmp (64KB)
  • memory/2344-178-0x00000249D0090000-0x00000249D00A0000-memory.dmp (64KB)
  • memory/2344-180-0x00000249D00A0000-0x00000249D00B0000-memory.dmp (64KB)
  • memory/2344-182-0x00000249D0070000-0x00000249D0080000-memory.dmp (64KB)
  • memory/2344-183-0x00000249D0080000-0x00000249D0090000-memory.dmp (64KB)
  • memory/2344-184-0x00000249D0090000-0x00000249D00A0000-memory.dmp (64KB)