01ed21113dc9ef0fc8db1ab49021286f47c7e75eb377f24c8c57dc9b25cfcc59

Analysis

max time kernel
59s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01ed21113dc9ef0fc8db1ab49021286f47c7e75eb377f24c8c57dc9b25cfcc59.jar
Size

203KB
MD5

6466b8b6db77557217549b21d857ba28
SHA1

850b21f745803ca28cc4e4607e433452d1fade1e
SHA256

01ed21113dc9ef0fc8db1ab49021286f47c7e75eb377f24c8c57dc9b25cfcc59
SHA512

72a62ec8b536bdb9f5075b25166b7c1cb59cd5cf2f736e3bc28c98b57a3d86c8b2c666669e1a5309291e5551a9f758e252ba9b1cd3b99bbe49f37441d42e9230
SSDEEP

3072:mV2ECg5sT5LQlZ9IkZI/fd3qr9w5wYJJk4ubY+pqtvQzvL0BoWrTy/mS:Qz65LG9bZbBw5wYJqN0dozvQSWrTnS

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

3928 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 372 wrote to memory of 3928 372 java.exe icacls.exe
PID 372 wrote to memory of 3928 372 java.exe icacls.exe

pid	process
3928	icacls.exe

description	pid	process	target process
PID 372 wrote to memory of 3928	372	java.exe	icacls.exe
PID 372 wrote to memory of 3928	372	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\01ed21113dc9ef0fc8db1ab49021286f47c7e75eb377f24c8c57dc9b25cfcc59.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:372
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
d150ef604f3a2e3ffc48ea239dc0296b

SHA1
4c86abb1086c21be596e1d6f5d54a29736d75979

SHA256
ecd7b9a63065ba4cce0ca6f9c48a16b8fb01873467ebd9b467fb43e9a12ced2e

SHA512
3761d2f96fbb27885525142f1d6ce69a4249d708223d5dc92f90ac5536ac6b80d119a27fe36e9934879fcdca777678bcbba009f393b2f92cefa5de3c8f6c7deb

Download Submit
memory/372-2-0x00000281DA940000-0x00000281DABB0000-memory.dmp

Filesize
2.4MB

Download
memory/372-14-0x00000281DABB0000-0x00000281DABC0000-memory.dmp

Filesize
64KB

Download
memory/372-16-0x00000281DABC0000-0x00000281DABD0000-memory.dmp

Filesize
64KB

Download
memory/372-17-0x00000281DABD0000-0x00000281DABE0000-memory.dmp

Filesize
64KB

Download
memory/372-21-0x00000281DABF0000-0x00000281DAC00000-memory.dmp

Filesize
64KB

Download
memory/372-20-0x00000281DABE0000-0x00000281DABF0000-memory.dmp

Filesize
64KB

Download
memory/372-23-0x00000281DAC00000-0x00000281DAC10000-memory.dmp

Filesize
64KB

Download
memory/372-26-0x00000281DAC10000-0x00000281DAC20000-memory.dmp

Filesize
64KB

Download
memory/372-27-0x00000281DAC20000-0x00000281DAC30000-memory.dmp

Filesize
64KB

Download
memory/372-33-0x00000281DAC30000-0x00000281DAC40000-memory.dmp

Filesize
64KB

Download
memory/372-36-0x00000281DAC40000-0x00000281DAC50000-memory.dmp

Filesize
64KB

Download
memory/372-38-0x00000281D90D0000-0x00000281D90D1000-memory.dmp

Filesize
4KB

Download
memory/372-40-0x00000281DA940000-0x00000281DABB0000-memory.dmp

Filesize
2.4MB

Download
memory/372-41-0x00000281DAC50000-0x00000281DAC60000-memory.dmp

Filesize
64KB

Download
memory/372-44-0x00000281DAC70000-0x00000281DAC80000-memory.dmp

Filesize
64KB

Download
memory/372-43-0x00000281DABB0000-0x00000281DABC0000-memory.dmp

Filesize
64KB

Download
memory/372-42-0x00000281DAC60000-0x00000281DAC70000-memory.dmp

Filesize
64KB

Download
memory/372-48-0x00000281DAC80000-0x00000281DAC90000-memory.dmp

Filesize
64KB

Download
memory/372-47-0x00000281DABC0000-0x00000281DABD0000-memory.dmp

Filesize
64KB

Download
memory/372-50-0x00000281DABD0000-0x00000281DABE0000-memory.dmp

Filesize
64KB

Download
memory/372-54-0x00000281DABF0000-0x00000281DAC00000-memory.dmp

Filesize
64KB

Download
memory/372-53-0x00000281DABE0000-0x00000281DABF0000-memory.dmp

Filesize
64KB

Download
memory/372-52-0x00000281DACA0000-0x00000281DACB0000-memory.dmp

Filesize
64KB

Download
memory/372-51-0x00000281DAC90000-0x00000281DACA0000-memory.dmp

Filesize
64KB

Download
memory/372-59-0x00000281DACB0000-0x00000281DACC0000-memory.dmp

Filesize
64KB

Download
memory/372-58-0x00000281DAC00000-0x00000281DAC10000-memory.dmp

Filesize
64KB

Download
memory/372-60-0x00000281DACC0000-0x00000281DACD0000-memory.dmp

Filesize
64KB

Download
memory/372-63-0x00000281DAC10000-0x00000281DAC20000-memory.dmp

Filesize
64KB

Download
memory/372-65-0x00000281DAC20000-0x00000281DAC30000-memory.dmp

Filesize
64KB

Download
memory/372-66-0x00000281DAC30000-0x00000281DAC40000-memory.dmp

Filesize
64KB

Download
memory/372-67-0x00000281DAC40000-0x00000281DAC50000-memory.dmp

Filesize
64KB

Download
memory/372-68-0x00000281DAC50000-0x00000281DAC60000-memory.dmp

Filesize
64KB

Download
memory/372-72-0x00000281DACD0000-0x00000281DACE0000-memory.dmp

Filesize
64KB

Download
memory/372-71-0x00000281DAC70000-0x00000281DAC80000-memory.dmp

Filesize
64KB

Download
memory/372-70-0x00000281DAC60000-0x00000281DAC70000-memory.dmp

Filesize
64KB

Download
memory/372-74-0x00000281DAC80000-0x00000281DAC90000-memory.dmp

Filesize
64KB

Download
memory/372-75-0x00000281DACE0000-0x00000281DACF0000-memory.dmp

Filesize
64KB

Download
memory/372-77-0x00000281DAC90000-0x00000281DACA0000-memory.dmp

Filesize
64KB

Download
memory/372-78-0x00000281DACF0000-0x00000281DAD00000-memory.dmp

Filesize
64KB

Download
memory/372-81-0x00000281DAD00000-0x00000281DAD10000-memory.dmp

Filesize
64KB

Download
memory/372-80-0x00000281DACA0000-0x00000281DACB0000-memory.dmp

Filesize
64KB

Download
memory/372-83-0x00000281DACB0000-0x00000281DACC0000-memory.dmp

Filesize
64KB

Download
memory/372-85-0x00000281DAD10000-0x00000281DAD20000-memory.dmp

Filesize
64KB

Download
memory/372-84-0x00000281DACC0000-0x00000281DACD0000-memory.dmp

Filesize
64KB

Download
memory/372-87-0x00000281DAD20000-0x00000281DAD30000-memory.dmp

Filesize
64KB

Download
memory/372-89-0x00000281DAD30000-0x00000281DAD40000-memory.dmp

Filesize
64KB

Download
memory/372-91-0x00000281DAD40000-0x00000281DAD50000-memory.dmp

Filesize
64KB

Download
memory/372-95-0x00000281DAD60000-0x00000281DAD70000-memory.dmp

Filesize
64KB

Download
memory/372-94-0x00000281DAD50000-0x00000281DAD60000-memory.dmp

Filesize
64KB

Download
memory/372-97-0x00000281DAD70000-0x00000281DAD80000-memory.dmp

Filesize
64KB

Download
memory/372-99-0x00000281DACD0000-0x00000281DACE0000-memory.dmp

Filesize
64KB

Download
memory/372-100-0x00000281DAD80000-0x00000281DAD90000-memory.dmp

Filesize
64KB

Download
memory/372-104-0x00000281DADA0000-0x00000281DADB0000-memory.dmp

Filesize
64KB

Download
memory/372-103-0x00000281DACE0000-0x00000281DACF0000-memory.dmp

Filesize
64KB

Download
memory/372-105-0x00000281DACF0000-0x00000281DAD00000-memory.dmp

Filesize
64KB

Download
memory/372-106-0x00000281DAD90000-0x00000281DADA0000-memory.dmp

Filesize
64KB

Download
memory/372-108-0x00000281D90D0000-0x00000281D90D1000-memory.dmp

Filesize
4KB

Download
memory/372-109-0x00000281D90D0000-0x00000281D90D1000-memory.dmp

Filesize
4KB

Download
memory/372-110-0x00000281D90D0000-0x00000281D90D1000-memory.dmp

Filesize
4KB

Download
memory/372-111-0x00000281D90D0000-0x00000281D90D1000-memory.dmp

Filesize
4KB

Download
memory/372-117-0x00000281D90D0000-0x00000281D90D1000-memory.dmp

Filesize
4KB

Download
memory/372-119-0x00000281D90D0000-0x00000281D90D1000-memory.dmp

Filesize
4KB

Download
memory/372-130-0x00000281DADB0000-0x00000281DADC0000-memory.dmp

Filesize
64KB

Download
memory/372-129-0x00000281DAD00000-0x00000281DAD10000-memory.dmp

Filesize
64KB

Download
memory/372-132-0x00000281DAD10000-0x00000281DAD20000-memory.dmp

Filesize
64KB

Download
memory/372-133-0x00000281DADC0000-0x00000281DADD0000-memory.dmp

Filesize
64KB

Download
memory/372-136-0x00000281DADD0000-0x00000281DADE0000-memory.dmp

Filesize
64KB

Download
memory/372-135-0x00000281DAD20000-0x00000281DAD30000-memory.dmp

Filesize
64KB

Download
memory/372-138-0x00000281DAD30000-0x00000281DAD40000-memory.dmp

Filesize
64KB

Download
memory/372-139-0x00000281DADE0000-0x00000281DADF0000-memory.dmp

Filesize
64KB

Download
memory/372-142-0x00000281DADF0000-0x00000281DAE00000-memory.dmp

Filesize
64KB

Download
memory/372-141-0x00000281DAD40000-0x00000281DAD50000-memory.dmp

Filesize
64KB

Download
memory/372-146-0x00000281DAE00000-0x00000281DAE10000-memory.dmp

Filesize
64KB

Download
memory/372-145-0x00000281DAD60000-0x00000281DAD70000-memory.dmp

Filesize
64KB

Download
memory/372-144-0x00000281DAD50000-0x00000281DAD60000-memory.dmp

Filesize
64KB

Download
memory/372-149-0x00000281DAE10000-0x00000281DAE20000-memory.dmp

Filesize
64KB

Download
memory/372-148-0x00000281DAD70000-0x00000281DAD80000-memory.dmp

Filesize
64KB

Download
memory/372-153-0x00000281DAE20000-0x00000281DAE30000-memory.dmp

Filesize
64KB

Download
memory/372-154-0x00000281DAE30000-0x00000281DAE40000-memory.dmp

Filesize
64KB

Download
memory/372-152-0x00000281DAD80000-0x00000281DAD90000-memory.dmp

Filesize
64KB

Download
memory/372-157-0x00000281DADA0000-0x00000281DADB0000-memory.dmp

Filesize
64KB

Download
memory/372-158-0x00000281DAE40000-0x00000281DAE50000-memory.dmp

Filesize
64KB

Download
memory/372-162-0x00000281D90D0000-0x00000281D90D1000-memory.dmp

Filesize
4KB

Download
memory/372-173-0x00000281D90D0000-0x00000281D90D1000-memory.dmp

Filesize
4KB

Download
memory/372-182-0x00000281DAE50000-0x00000281DAE60000-memory.dmp

Filesize
64KB

Download
memory/372-181-0x00000281DAD90000-0x00000281DADA0000-memory.dmp

Filesize
64KB

Download
memory/372-185-0x00000281DADB0000-0x00000281DADC0000-memory.dmp

Filesize
64KB

Download
memory/372-186-0x00000281DAE60000-0x00000281DAE70000-memory.dmp

Filesize
64KB

Download
memory/372-190-0x00000281DAE70000-0x00000281DAE80000-memory.dmp

Filesize
64KB

Download
memory/372-189-0x00000281DADC0000-0x00000281DADD0000-memory.dmp

Filesize
64KB

Download
memory/372-194-0x00000281DADD0000-0x00000281DADE0000-memory.dmp

Filesize
64KB

Download
memory/372-197-0x00000281DAE80000-0x00000281DAE90000-memory.dmp

Filesize
64KB

Download
memory/372-196-0x00000281DADE0000-0x00000281DADF0000-memory.dmp

Filesize
64KB

Download
memory/372-200-0x00000281DADF0000-0x00000281DAE00000-memory.dmp

Filesize
64KB

Download
memory/372-201-0x00000281DAE90000-0x00000281DAEA0000-memory.dmp

Filesize
64KB

Download
memory/372-204-0x00000281DAEA0000-0x00000281DAEB0000-memory.dmp

Filesize
64KB

Download
memory/372-203-0x00000281DAE00000-0x00000281DAE10000-memory.dmp

Filesize
64KB

Download
memory/372-206-0x00000281DAE10000-0x00000281DAE20000-memory.dmp

Filesize
64KB

Download
memory/372-207-0x00000281DAE20000-0x00000281DAE30000-memory.dmp

Filesize
64KB

Download
memory/372-208-0x00000281DAE30000-0x00000281DAE40000-memory.dmp

Filesize
64KB

Download
memory/372-209-0x00000281DAE40000-0x00000281DAE50000-memory.dmp

Filesize
64KB

Download
memory/372-210-0x00000281DAE50000-0x00000281DAE60000-memory.dmp

Filesize
64KB

Download
memory/372-211-0x00000281DAE60000-0x00000281DAE70000-memory.dmp

Filesize
64KB

Download
memory/372-216-0x00000281DAEB0000-0x00000281DAEC0000-memory.dmp

Filesize
64KB

Download
memory/372-215-0x00000281DAE70000-0x00000281DAE80000-memory.dmp

Filesize
64KB

Download
memory/372-239-0x00000281D90D0000-0x00000281D90D1000-memory.dmp

Filesize
4KB

Download