Resubmissions
- 13-06-2024 23:08  240613-24m7sayarl  7
- 13-06-2024 23:04  240613-22dkkavaka  7
- 13-06-2024 23:02  240613-2z9vzsthmh  7

Analysis
- max time kernel: 283s
- max time network: 269s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 23:02
Static task: static1

Behavioral task: behavioral1
- Sample: meteor-client-0.5.0.jar
- Resource: win7-20231129-en

Behavioral task: behavioral2
- Sample: meteor-client-0.5.0.jar
- Resource: win10v2004-20240508-en
General
- Target: meteor-client-0.5.0.jar
- Size: 4.1MB
- MD5: 72336238447f8a773f037c3de8b82ff1
- SHA1: c723941e438517c11baa458b11829c6b11378b14
- SHA256: 528047bd3be7051a8d34316febd6903b30e0ef537fa26d5cc3dfed1ea24183ba
- SHA512: ae079beab76c89ca8c4bb1b8d0e2c457ff04d91a1c4d343731689104d2bee7dd054abe4318a3a778a1f0876dd5a05d4336da7e2089bef733ce878409b1f4f834
- SSDEEP: 98304:c1QAucdVkq4HI9srLOzEnBZNsnhAU/l3YNuPU3:kQwdVL4HI9ya6B/snhVlguPU3
Malware Config

Signatures
- Modifies file permissions (1 TTPs, 1 IoCs)
- Suspicious use of SetWindowsHookEx (4 IoCs)
  Processes:
  pid   process
  2344  java.exe
  2344  java.exe
  2344  java.exe
  2344  java.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes:
  description                        pid   process   target process
  PID 2344 wrote to memory of 1520   2344  java.exe  icacls.exe
  PID 2344 wrote to memory of 1520   2344  java.exe  icacls.exe
Processes
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\meteor-client-0.5.0.jar
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2344
  - C:\Windows\system32\icacls.exe
    Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    - Modifies file permissions
    PID: 1520
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
  Filesize: 46B
  MD5: 6bcdd5954aa6c06841c656b7c401fdbe
  SHA1: 89ac63070e91b20f8e06bb0c0b5f48b526decad7
  SHA256: 01187537eb60ac941318ad5619b057f3c8772308b668ba9bc8deffbbe6c6f12a
  SHA512: 1ad94d594d20c159acdc168fe5a3cf1d9744fe8c99a69ad0e4db8bf33258e90b3b7e0fb14feb865d0fb7e154f2300ebdb31da441fac5fb2da8b9338300649cb6