Analysis Overview
SHA256
528047bd3be7051a8d34316febd6903b30e0ef537fa26d5cc3dfed1ea24183ba
Threat Level: Shows suspicious behavior
The file meteor-client-0.5.0.jar was found to show suspicious behavior.
Malicious Activity Summary
Modifies file permissions
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 23:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 23:02
Reported
2024-06-13 23:02
Platform
win7-20231129-en
Max time kernel
15s
Max time network
17s
Command Line
Signatures
Processes
C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\meteor-client-0.5.0.jar
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
Network
Files
memory/1736-2-0x0000000002620000-0x0000000002890000-memory.dmp
memory/1736-11-0x0000000000140000-0x0000000000141000-memory.dmp
memory/1736-12-0x0000000002620000-0x0000000002890000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 23:02
Reported
2024-06-13 23:07
Platform
win10v2004-20240508-en
Max time kernel
283s
Max time network
269s
Command Line
Signatures
Modifies file permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2344 wrote to memory of 1520 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\system32\icacls.exe |
| PID 2344 wrote to memory of 1520 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\system32\icacls.exe |
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\meteor-client-0.5.0.jar
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Network
Files
memory/2344-2-0x00000249CFC00000-0x00000249CFE70000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | 6bcdd5954aa6c06841c656b7c401fdbe |
| SHA1 | 89ac63070e91b20f8e06bb0c0b5f48b526decad7 |
| SHA256 | 01187537eb60ac941318ad5619b057f3c8772308b668ba9bc8deffbbe6c6f12a |
| SHA512 | 1ad94d594d20c159acdc168fe5a3cf1d9744fe8c99a69ad0e4db8bf33258e90b3b7e0fb14feb865d0fb7e154f2300ebdb31da441fac5fb2da8b9338300649cb6 |