01ed21113dc9ef0fc8db1ab49021286f47c7e75eb377f24c8c57dc9b25cfcc59

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01ed21113dc9ef0fc8db1ab49021286f47c7e75eb377f24c8c57dc9b25cfcc59.jar
Size

203KB
MD5

6466b8b6db77557217549b21d857ba28
SHA1

850b21f745803ca28cc4e4607e433452d1fade1e
SHA256

01ed21113dc9ef0fc8db1ab49021286f47c7e75eb377f24c8c57dc9b25cfcc59
SHA512

72a62ec8b536bdb9f5075b25166b7c1cb59cd5cf2f736e3bc28c98b57a3d86c8b2c666669e1a5309291e5551a9f758e252ba9b1cd3b99bbe49f37441d42e9230
SSDEEP

3072:mV2ECg5sT5LQlZ9IkZI/fd3qr9w5wYJJk4ubY+pqtvQzvL0BoWrTy/mS:Qz65LG9bZbBw5wYJqN0dozvQSWrTnS

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

Processes:

icacls.exe

pid	Process
4340	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description	pid	Process	procid_target
PID 1244 wrote to memory of 4340	1244	java.exe	85
PID 1244 wrote to memory of 4340	1244	java.exe	85

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\01ed21113dc9ef0fc8db1ab49021286f47c7e75eb377f24c8c57dc9b25cfcc59.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
561282af8bdf8bee61d8ed2b8998e564

SHA1
aeeb32a5ecb34adef2772fcda441b816c7f838fe

SHA256
593df569d3b3cb664994694b6e19e3a6b7c6da8e11c83c3566e743dd8f25bc96

SHA512
97b92ab6f5dcd879fe6d23691a4db52ced56ec617536ade46c755db7511171b6684943946f3207ca129f7ae2df72063c1c6dd34689c57094e90b1353afe9ec82

Download Submit
memory/1244-2-0x000001E1D0B80000-0x000001E1D0DF0000-memory.dmp

Filesize
2.4MB

Download
memory/1244-14-0x000001E1D0DF0000-0x000001E1D0E00000-memory.dmp

Filesize
64KB

Download
memory/1244-16-0x000001E1D0E00000-0x000001E1D0E10000-memory.dmp

Filesize
64KB

Download
memory/1244-17-0x000001E1D0E10000-0x000001E1D0E20000-memory.dmp

Filesize
64KB

Download
memory/1244-21-0x000001E1D0E30000-0x000001E1D0E40000-memory.dmp

Filesize
64KB

Download
memory/1244-20-0x000001E1D0E20000-0x000001E1D0E30000-memory.dmp

Filesize
64KB

Download
memory/1244-23-0x000001E1D0E40000-0x000001E1D0E50000-memory.dmp

Filesize
64KB

Download
memory/1244-26-0x000001E1D0E50000-0x000001E1D0E60000-memory.dmp

Filesize
64KB

Download
memory/1244-28-0x000001E1D0E60000-0x000001E1D0E70000-memory.dmp

Filesize
64KB

Download
memory/1244-29-0x000001E1D0E70000-0x000001E1D0E80000-memory.dmp

Filesize
64KB

Download
memory/1244-39-0x000001E1D0B80000-0x000001E1D0DF0000-memory.dmp

Filesize
2.4MB

Download
memory/1244-37-0x000001E1D0B60000-0x000001E1D0B61000-memory.dmp

Filesize
4KB

Download
memory/1244-43-0x000001E1D0EA0000-0x000001E1D0EB0000-memory.dmp

Filesize
64KB

Download
memory/1244-42-0x000001E1D0EB0000-0x000001E1D0EC0000-memory.dmp

Filesize
64KB

Download
memory/1244-41-0x000001E1D0E90000-0x000001E1D0EA0000-memory.dmp

Filesize
64KB

Download
memory/1244-40-0x000001E1D0E80000-0x000001E1D0E90000-memory.dmp

Filesize
64KB

Download
memory/1244-48-0x000001E1D0EC0000-0x000001E1D0ED0000-memory.dmp

Filesize
64KB

Download
memory/1244-47-0x000001E1D0E00000-0x000001E1D0E10000-memory.dmp

Filesize
64KB

Download
memory/1244-46-0x000001E1D0DF0000-0x000001E1D0E00000-memory.dmp

Filesize
64KB

Download
memory/1244-51-0x000001E1D0ED0000-0x000001E1D0EE0000-memory.dmp

Filesize
64KB

Download
memory/1244-50-0x000001E1D0E10000-0x000001E1D0E20000-memory.dmp

Filesize
64KB

Download
memory/1244-55-0x000001E1D0EE0000-0x000001E1D0EF0000-memory.dmp

Filesize
64KB

Download
memory/1244-56-0x000001E1D0EF0000-0x000001E1D0F00000-memory.dmp

Filesize
64KB

Download
memory/1244-54-0x000001E1D0E20000-0x000001E1D0E30000-memory.dmp

Filesize
64KB

Download
memory/1244-59-0x000001E1D0F00000-0x000001E1D0F10000-memory.dmp

Filesize
64KB

Download
memory/1244-58-0x000001E1D0E30000-0x000001E1D0E40000-memory.dmp

Filesize
64KB

Download
memory/1244-61-0x000001E1D0F10000-0x000001E1D0F20000-memory.dmp

Filesize
64KB

Download
memory/1244-60-0x000001E1D0E40000-0x000001E1D0E50000-memory.dmp

Filesize
64KB

Download
memory/1244-65-0x000001E1D0E50000-0x000001E1D0E60000-memory.dmp

Filesize
64KB

Download
memory/1244-67-0x000001E1D0E60000-0x000001E1D0E70000-memory.dmp

Filesize
64KB

Download
memory/1244-68-0x000001E1D0E70000-0x000001E1D0E80000-memory.dmp

Filesize
64KB

Download
memory/1244-69-0x000001E1D0E80000-0x000001E1D0E90000-memory.dmp

Filesize
64KB

Download
memory/1244-70-0x000001E1D0E90000-0x000001E1D0EA0000-memory.dmp

Filesize
64KB

Download
memory/1244-71-0x000001E1D0EB0000-0x000001E1D0EC0000-memory.dmp

Filesize
64KB

Download
memory/1244-73-0x000001E1D0EA0000-0x000001E1D0EB0000-memory.dmp

Filesize
64KB

Download
memory/1244-75-0x000001E1D0F20000-0x000001E1D0F30000-memory.dmp

Filesize
64KB

Download
memory/1244-74-0x000001E1D0EC0000-0x000001E1D0ED0000-memory.dmp

Filesize
64KB

Download
memory/1244-78-0x000001E1D0F30000-0x000001E1D0F40000-memory.dmp

Filesize
64KB

Download
memory/1244-77-0x000001E1D0ED0000-0x000001E1D0EE0000-memory.dmp

Filesize
64KB

Download
memory/1244-82-0x000001E1D0F40000-0x000001E1D0F50000-memory.dmp

Filesize
64KB

Download
memory/1244-81-0x000001E1D0EF0000-0x000001E1D0F00000-memory.dmp

Filesize
64KB

Download
memory/1244-80-0x000001E1D0EE0000-0x000001E1D0EF0000-memory.dmp

Filesize
64KB

Download
memory/1244-87-0x000001E1D0F60000-0x000001E1D0F70000-memory.dmp

Filesize
64KB

Download
memory/1244-86-0x000001E1D0F50000-0x000001E1D0F60000-memory.dmp

Filesize
64KB

Download
memory/1244-85-0x000001E1D0F00000-0x000001E1D0F10000-memory.dmp

Filesize
64KB

Download
memory/1244-89-0x000001E1D0F10000-0x000001E1D0F20000-memory.dmp

Filesize
64KB

Download
memory/1244-90-0x000001E1D0F70000-0x000001E1D0F80000-memory.dmp

Filesize
64KB

Download
memory/1244-92-0x000001E1D0F80000-0x000001E1D0F90000-memory.dmp

Filesize
64KB

Download
memory/1244-94-0x000001E1D0F90000-0x000001E1D0FA0000-memory.dmp

Filesize
64KB

Download
memory/1244-98-0x000001E1D0FA0000-0x000001E1D0FB0000-memory.dmp

Filesize
64KB

Download
memory/1244-99-0x000001E1D0FB0000-0x000001E1D0FC0000-memory.dmp

Filesize
64KB

Download
memory/1244-100-0x000001E1D0FC0000-0x000001E1D0FD0000-memory.dmp

Filesize
64KB

Download
memory/1244-102-0x000001E1D0FD0000-0x000001E1D0FE0000-memory.dmp

Filesize
64KB

Download
memory/1244-106-0x000001E1D0F20000-0x000001E1D0F30000-memory.dmp

Filesize
64KB

Download
memory/1244-108-0x000001E1D0FF0000-0x000001E1D1000000-memory.dmp

Filesize
64KB

Download
memory/1244-107-0x000001E1D0FE0000-0x000001E1D0FF0000-memory.dmp

Filesize
64KB

Download
memory/1244-109-0x000001E1D0B60000-0x000001E1D0B61000-memory.dmp

Filesize
4KB

Download
memory/1244-112-0x000001E1D0F30000-0x000001E1D0F40000-memory.dmp

Filesize
64KB

Download
memory/1244-113-0x000001E1D1000000-0x000001E1D1010000-memory.dmp

Filesize
64KB

Download
memory/1244-116-0x000001E1D0B60000-0x000001E1D0B61000-memory.dmp

Filesize
4KB

Download
memory/1244-117-0x000001E1D0B60000-0x000001E1D0B61000-memory.dmp

Filesize
4KB

Download
memory/1244-135-0x000001E1D1010000-0x000001E1D1020000-memory.dmp

Filesize
64KB

Download
memory/1244-134-0x000001E1D0F40000-0x000001E1D0F50000-memory.dmp

Filesize
64KB

Download
memory/1244-142-0x000001E1D1030000-0x000001E1D1040000-memory.dmp

Filesize
64KB

Download
memory/1244-141-0x000001E1D1040000-0x000001E1D1050000-memory.dmp

Filesize
64KB

Download
memory/1244-140-0x000001E1D1020000-0x000001E1D1030000-memory.dmp

Filesize
64KB

Download
memory/1244-139-0x000001E1D0F60000-0x000001E1D0F70000-memory.dmp

Filesize
64KB

Download
memory/1244-138-0x000001E1D0F50000-0x000001E1D0F60000-memory.dmp

Filesize
64KB

Download
memory/1244-145-0x000001E1D1050000-0x000001E1D1060000-memory.dmp

Filesize
64KB

Download
memory/1244-144-0x000001E1D0F70000-0x000001E1D0F80000-memory.dmp

Filesize
64KB

Download
memory/1244-147-0x000001E1D0F80000-0x000001E1D0F90000-memory.dmp

Filesize
64KB

Download
memory/1244-148-0x000001E1D1060000-0x000001E1D1070000-memory.dmp

Filesize
64KB

Download
memory/1244-151-0x000001E1D1070000-0x000001E1D1080000-memory.dmp

Filesize
64KB

Download
memory/1244-150-0x000001E1D0F90000-0x000001E1D0FA0000-memory.dmp

Filesize
64KB

Download
memory/1244-155-0x000001E1D1080000-0x000001E1D1090000-memory.dmp

Filesize
64KB

Download
memory/1244-154-0x000001E1D0FB0000-0x000001E1D0FC0000-memory.dmp

Filesize
64KB

Download
memory/1244-153-0x000001E1D0FA0000-0x000001E1D0FB0000-memory.dmp

Filesize
64KB

Download
memory/1244-158-0x000001E1D0FC0000-0x000001E1D0FD0000-memory.dmp

Filesize
64KB

Download
memory/1244-159-0x000001E1D1090000-0x000001E1D10A0000-memory.dmp

Filesize
64KB

Download
memory/1244-183-0x000001E1D10A0000-0x000001E1D10B0000-memory.dmp

Filesize
64KB

Download
memory/1244-182-0x000001E1D0FD0000-0x000001E1D0FE0000-memory.dmp

Filesize
64KB

Download
memory/1244-188-0x000001E1D10B0000-0x000001E1D10C0000-memory.dmp

Filesize
64KB

Download
memory/1244-187-0x000001E1D0FF0000-0x000001E1D1000000-memory.dmp

Filesize
64KB

Download
memory/1244-186-0x000001E1D0FE0000-0x000001E1D0FF0000-memory.dmp

Filesize
64KB

Download
memory/1244-192-0x000001E1D10C0000-0x000001E1D10D0000-memory.dmp

Filesize
64KB

Download
memory/1244-191-0x000001E1D1000000-0x000001E1D1010000-memory.dmp

Filesize
64KB

Download
memory/1244-197-0x000001E1D1010000-0x000001E1D1020000-memory.dmp

Filesize
64KB

Download
memory/1244-198-0x000001E1D1020000-0x000001E1D1030000-memory.dmp

Filesize
64KB

Download
memory/1244-201-0x000001E1D10D0000-0x000001E1D10E0000-memory.dmp

Filesize
64KB

Download
memory/1244-200-0x000001E1D1030000-0x000001E1D1040000-memory.dmp

Filesize
64KB

Download
memory/1244-199-0x000001E1D1040000-0x000001E1D1050000-memory.dmp

Filesize
64KB

Download
memory/1244-205-0x000001E1D1050000-0x000001E1D1060000-memory.dmp

Filesize
64KB

Download
memory/1244-206-0x000001E1D10E0000-0x000001E1D10F0000-memory.dmp

Filesize
64KB

Download
memory/1244-208-0x000001E1D1060000-0x000001E1D1070000-memory.dmp

Filesize
64KB

Download
memory/1244-209-0x000001E1D10F0000-0x000001E1D1100000-memory.dmp

Filesize
64KB

Download
memory/1244-214-0x000001E1D1070000-0x000001E1D1080000-memory.dmp

Filesize
64KB

Download
memory/1244-215-0x000001E1D1080000-0x000001E1D1090000-memory.dmp

Filesize
64KB

Download
memory/1244-216-0x000001E1D1090000-0x000001E1D10A0000-memory.dmp

Filesize
64KB

Download
memory/1244-217-0x000001E1D10A0000-0x000001E1D10B0000-memory.dmp

Filesize
64KB

Download
memory/1244-218-0x000001E1D10B0000-0x000001E1D10C0000-memory.dmp

Filesize
64KB

Download