8fc554384f269993bde053de9811902c44135fb99e1944c5047afea9aac6ea40

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fc554384f269993bde053de9811902c44135fb99e1944c5047afea9aac6ea40.jar
Size

203KB
MD5

ef8d2de4e2983dddfe12759ba4626d20
SHA1

e3ce248bdcd07b23e94ce832062cf717a83334a8
SHA256

8fc554384f269993bde053de9811902c44135fb99e1944c5047afea9aac6ea40
SHA512

6d956b3e536fb7227c7bcb9d2beeaac9e64fae4c60e32b95772201d0c68b962936104fba7b57ef57e82c02d193b8200539a55e69ec95a4f7d1fcfee331203280
SSDEEP

3072:yVeoCg5sL1zElp9IsdQffd3qrNMVMYBJk4ubY+tqtPwzrLQBAWfTy3KNY:8L61z29/dHpMVMYBqN0JIzr0qWfTxY

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

228 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 1724 wrote to memory of 228 1724 java.exe icacls.exe
PID 1724 wrote to memory of 228 1724 java.exe icacls.exe

pid	process
228	icacls.exe

description	pid	process	target process
PID 1724 wrote to memory of 228	1724	java.exe	icacls.exe
PID 1724 wrote to memory of 228	1724	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\8fc554384f269993bde053de9811902c44135fb99e1944c5047afea9aac6ea40.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
2614c316a60d16c8007b3e7c795608c7

SHA1
88539d0438bbbcf99955a06e1da6faad68f62616

SHA256
25f1b040c1d5f9b6ad2bc22809a58e2e739833b2940f996e537ae9460b585911

SHA512
ed37d7c7e72dbbb044090c82f7005eb4c3f08d631d80d6506b0366fbb7a77c76b291b8088d863de95d9e8123c4b66da1fb52cec698bfd9ff34b99506953e94d8

Download Submit
memory/1724-2-0x0000023100000000-0x0000023100270000-memory.dmp

Filesize
2.4MB

Download
memory/1724-14-0x0000023100270000-0x0000023100280000-memory.dmp

Filesize
64KB

Download
memory/1724-17-0x0000023100290000-0x00000231002A0000-memory.dmp

Filesize
64KB

Download
memory/1724-16-0x0000023100280000-0x0000023100290000-memory.dmp

Filesize
64KB

Download
memory/1724-19-0x00000231002A0000-0x00000231002B0000-memory.dmp

Filesize
64KB

Download
memory/1724-22-0x00000231002B0000-0x00000231002C0000-memory.dmp

Filesize
64KB

Download
memory/1724-23-0x00000231002C0000-0x00000231002D0000-memory.dmp

Filesize
64KB

Download
memory/1724-26-0x00000231002D0000-0x00000231002E0000-memory.dmp

Filesize
64KB

Download
memory/1724-29-0x000002317BB40000-0x000002317BB41000-memory.dmp

Filesize
4KB

Download
memory/1724-28-0x00000231002E0000-0x00000231002F0000-memory.dmp

Filesize
64KB

Download
memory/1724-36-0x0000023100300000-0x0000023100310000-memory.dmp

Filesize
64KB

Download
memory/1724-35-0x00000231002F0000-0x0000023100300000-memory.dmp

Filesize
64KB

Download
memory/1724-39-0x0000023100310000-0x0000023100320000-memory.dmp

Filesize
64KB

Download
memory/1724-40-0x0000023100320000-0x0000023100330000-memory.dmp

Filesize
64KB

Download
memory/1724-43-0x0000023100330000-0x0000023100340000-memory.dmp

Filesize
64KB

Download
memory/1724-42-0x0000023100000000-0x0000023100270000-memory.dmp

Filesize
2.4MB

Download
memory/1724-46-0x0000023100340000-0x0000023100350000-memory.dmp

Filesize
64KB

Download
memory/1724-45-0x0000023100270000-0x0000023100280000-memory.dmp

Filesize
64KB

Download
memory/1724-50-0x0000023100290000-0x00000231002A0000-memory.dmp

Filesize
64KB

Download
memory/1724-51-0x0000023100350000-0x0000023100360000-memory.dmp

Filesize
64KB

Download
memory/1724-49-0x0000023100280000-0x0000023100290000-memory.dmp

Filesize
64KB

Download
memory/1724-53-0x00000231002A0000-0x00000231002B0000-memory.dmp

Filesize
64KB

Download
memory/1724-56-0x0000023100370000-0x0000023100380000-memory.dmp

Filesize
64KB

Download
memory/1724-55-0x00000231002B0000-0x00000231002C0000-memory.dmp

Filesize
64KB

Download
memory/1724-59-0x0000023100380000-0x0000023100390000-memory.dmp

Filesize
64KB

Download
memory/1724-58-0x00000231002C0000-0x00000231002D0000-memory.dmp

Filesize
64KB

Download
memory/1724-54-0x0000023100360000-0x0000023100370000-memory.dmp

Filesize
64KB

Download
memory/1724-64-0x0000023100390000-0x00000231003A0000-memory.dmp

Filesize
64KB

Download
memory/1724-63-0x00000231002D0000-0x00000231002E0000-memory.dmp

Filesize
64KB

Download
memory/1724-65-0x000002317BB40000-0x000002317BB41000-memory.dmp

Filesize
4KB

Download
memory/1724-66-0x00000231002E0000-0x00000231002F0000-memory.dmp

Filesize
64KB

Download
memory/1724-68-0x00000231002F0000-0x0000023100300000-memory.dmp

Filesize
64KB

Download
memory/1724-69-0x0000023100300000-0x0000023100310000-memory.dmp

Filesize
64KB

Download
memory/1724-70-0x0000023100310000-0x0000023100320000-memory.dmp

Filesize
64KB

Download
memory/1724-71-0x0000023100320000-0x0000023100330000-memory.dmp

Filesize
64KB

Download
memory/1724-72-0x0000023100330000-0x0000023100340000-memory.dmp

Filesize
64KB

Download
memory/1724-73-0x0000023100340000-0x0000023100350000-memory.dmp

Filesize
64KB

Download
memory/1724-77-0x00000231003A0000-0x00000231003B0000-memory.dmp

Filesize
64KB

Download
memory/1724-76-0x0000023100360000-0x0000023100370000-memory.dmp

Filesize
64KB

Download
memory/1724-75-0x0000023100350000-0x0000023100360000-memory.dmp

Filesize
64KB

Download
memory/1724-79-0x00000231003B0000-0x00000231003C0000-memory.dmp

Filesize
64KB

Download
memory/1724-82-0x00000231003C0000-0x00000231003D0000-memory.dmp

Filesize
64KB

Download
memory/1724-81-0x0000023100370000-0x0000023100380000-memory.dmp

Filesize
64KB

Download
memory/1724-85-0x00000231003D0000-0x00000231003E0000-memory.dmp

Filesize
64KB

Download
memory/1724-84-0x0000023100380000-0x0000023100390000-memory.dmp

Filesize
64KB

Download
memory/1724-87-0x0000023100390000-0x00000231003A0000-memory.dmp

Filesize
64KB

Download
memory/1724-88-0x00000231003E0000-0x00000231003F0000-memory.dmp

Filesize
64KB

Download
memory/1724-90-0x00000231003F0000-0x0000023100400000-memory.dmp

Filesize
64KB

Download
memory/1724-92-0x0000023100400000-0x0000023100410000-memory.dmp

Filesize
64KB

Download
memory/1724-94-0x0000023100410000-0x0000023100420000-memory.dmp

Filesize
64KB

Download
memory/1724-96-0x0000023100420000-0x0000023100430000-memory.dmp

Filesize
64KB

Download
memory/1724-98-0x0000023100430000-0x0000023100440000-memory.dmp

Filesize
64KB

Download
memory/1724-101-0x0000023100440000-0x0000023100450000-memory.dmp

Filesize
64KB

Download
memory/1724-100-0x00000231003A0000-0x00000231003B0000-memory.dmp

Filesize
64KB

Download
memory/1724-104-0x0000023100450000-0x0000023100460000-memory.dmp

Filesize
64KB

Download
memory/1724-103-0x00000231003B0000-0x00000231003C0000-memory.dmp

Filesize
64KB

Download
memory/1724-113-0x000002317BB40000-0x000002317BB41000-memory.dmp

Filesize
4KB

Download
memory/1724-107-0x000002317BB40000-0x000002317BB41000-memory.dmp

Filesize
4KB

Download
memory/1724-128-0x0000023100460000-0x0000023100470000-memory.dmp

Filesize
64KB

Download
memory/1724-127-0x00000231003C0000-0x00000231003D0000-memory.dmp

Filesize
64KB

Download
memory/1724-131-0x00000231003D0000-0x00000231003E0000-memory.dmp

Filesize
64KB

Download
memory/1724-132-0x0000023100470000-0x0000023100480000-memory.dmp

Filesize
64KB

Download
memory/1724-133-0x00000231003E0000-0x00000231003F0000-memory.dmp

Filesize
64KB

Download
memory/1724-134-0x0000023100480000-0x0000023100490000-memory.dmp

Filesize
64KB

Download
memory/1724-140-0x00000231004A0000-0x00000231004B0000-memory.dmp

Filesize
64KB

Download
memory/1724-139-0x0000023100490000-0x00000231004A0000-memory.dmp

Filesize
64KB

Download
memory/1724-138-0x00000231003F0000-0x0000023100400000-memory.dmp

Filesize
64KB

Download
memory/1724-142-0x00000231004B0000-0x00000231004C0000-memory.dmp

Filesize
64KB

Download
memory/1724-141-0x0000023100400000-0x0000023100410000-memory.dmp

Filesize
64KB

Download
memory/1724-144-0x0000023100410000-0x0000023100420000-memory.dmp

Filesize
64KB

Download
memory/1724-145-0x00000231004C0000-0x00000231004D0000-memory.dmp

Filesize
64KB

Download
memory/1724-148-0x00000231004D0000-0x00000231004E0000-memory.dmp

Filesize
64KB

Download
memory/1724-147-0x0000023100420000-0x0000023100430000-memory.dmp

Filesize
64KB

Download
memory/1724-153-0x00000231004E0000-0x00000231004F0000-memory.dmp

Filesize
64KB

Download
memory/1724-152-0x00000231004F0000-0x0000023100500000-memory.dmp

Filesize
64KB

Download
memory/1724-151-0x0000023100430000-0x0000023100440000-memory.dmp

Filesize
64KB

Download
memory/1724-155-0x0000023100440000-0x0000023100450000-memory.dmp

Filesize
64KB

Download
memory/1724-156-0x0000023100500000-0x0000023100510000-memory.dmp

Filesize
64KB

Download
memory/1724-159-0x0000023100450000-0x0000023100460000-memory.dmp

Filesize
64KB

Download
memory/1724-160-0x0000023100510000-0x0000023100520000-memory.dmp

Filesize
64KB

Download
memory/1724-161-0x000002317BB40000-0x000002317BB41000-memory.dmp

Filesize
4KB

Download
memory/1724-185-0x0000023100520000-0x0000023100530000-memory.dmp

Filesize
64KB

Download
memory/1724-184-0x0000023100460000-0x0000023100470000-memory.dmp

Filesize
64KB

Download
memory/1724-189-0x0000023100530000-0x0000023100540000-memory.dmp

Filesize
64KB

Download
memory/1724-188-0x0000023100470000-0x0000023100480000-memory.dmp

Filesize
64KB

Download
memory/1724-191-0x0000023100480000-0x0000023100490000-memory.dmp

Filesize
64KB

Download
memory/1724-192-0x0000023100540000-0x0000023100550000-memory.dmp

Filesize
64KB

Download
memory/1724-197-0x00000231004A0000-0x00000231004B0000-memory.dmp

Filesize
64KB

Download
memory/1724-196-0x0000023100490000-0x00000231004A0000-memory.dmp

Filesize
64KB

Download
memory/1724-201-0x0000023100550000-0x0000023100560000-memory.dmp

Filesize
64KB

Download
memory/1724-200-0x00000231004B0000-0x00000231004C0000-memory.dmp

Filesize
64KB

Download
memory/1724-203-0x00000231004C0000-0x00000231004D0000-memory.dmp

Filesize
64KB

Download
memory/1724-204-0x0000023100560000-0x0000023100570000-memory.dmp

Filesize
64KB

Download
memory/1724-208-0x00000231004D0000-0x00000231004E0000-memory.dmp

Filesize
64KB

Download
memory/1724-209-0x0000023100570000-0x0000023100580000-memory.dmp

Filesize
64KB

Download
memory/1724-210-0x00000231004F0000-0x0000023100500000-memory.dmp

Filesize
64KB

Download
memory/1724-211-0x00000231004E0000-0x00000231004F0000-memory.dmp

Filesize
64KB

Download
memory/1724-212-0x0000023100500000-0x0000023100510000-memory.dmp

Filesize
64KB

Download
memory/1724-213-0x0000023100510000-0x0000023100520000-memory.dmp

Filesize
64KB

Download
memory/1724-214-0x0000023100520000-0x0000023100530000-memory.dmp

Filesize
64KB

Download
memory/1724-215-0x0000023100530000-0x0000023100540000-memory.dmp

Filesize
64KB

Download