Malware Analysis Report

2024-10-10 12:11

Sample ID  240613-2z9vzsthmh
Target     meteor-client-0.5.0.jar
SHA256     528047bd3be7051a8d34316febd6903b30e0ef537fa26d5cc3dfed1ea24183ba
Tags       discovery
Score      7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 7/10

SHA256

528047bd3be7051a8d34316febd6903b30e0ef537fa26d5cc3dfed1ea24183ba

Threat Level: Shows suspicious behavior

The file meteor-client-0.5.0.jar was found to show suspicious behavior.

Malicious Activity Summary

discovery

Modifies file permissions

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 23:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 23:02

Reported

2024-06-13 23:02

Platform

win7-20231129-en

Max time kernel

15s

Max time network

17s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\meteor-client-0.5.0.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\meteor-client-0.5.0.jar

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

Network

N/A

Files

memory/1736-2-0x0000000002620000-0x0000000002890000-memory.dmp

memory/1736-11-0x0000000000140000-0x0000000000141000-memory.dmp

memory/1736-12-0x0000000002620000-0x0000000002890000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 23:02

Reported

2024-06-13 23:07

Platform

win10v2004-20240508-en

Max time kernel

283s

Max time network

269s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\meteor-client-0.5.0.jar

Signatures

Modifies file permissions

Tag: discovery

Description  Indicator  Process                          Target
N/A          N/A        C:\Windows\system32\icacls.exe   N/A

Suspicious use of WriteProcessMemory

Description                          Indicator  Process                                                               Target
PID 2344 wrote to memory of 1520     N/A        C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe     C:\Windows\system32\icacls.exe
PID 2344 wrote to memory of 1520     N/A        C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe     C:\Windows\system32\icacls.exe

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\meteor-client-0.5.0.jar

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

Network

Files

memory/2344-2-0x00000249CFC00000-0x00000249CFE70000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5     6bcdd5954aa6c06841c656b7c401fdbe
SHA1    89ac63070e91b20f8e06bb0c0b5f48b526decad7
SHA256  01187537eb60ac941318ad5619b057f3c8772308b668ba9bc8deffbbe6c6f12a
SHA512  1ad94d594d20c159acdc168fe5a3cf1d9744fe8c99a69ad0e4db8bf33258e90b3b7e0fb14feb865d0fb7e154f2300ebdb31da441fac5fb2da8b9338300649cb6
