Analysis
- max time kernel: 34s
- max time network: 21s
- platform: windows10-1703_x64
- resource: win10-20240611-en
- resource tags: arch:x64, arch:x86, image:win10-20240611-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 16-06-2024 19:30
Static task: static1
Behavioral task: behavioral1
- Sample: keygen.jar
- Resource: win10-20240611-en
General
- Target: keygen.jar
- Size: 63KB
- MD5: df0c96d0cb9d4d337bf583d4f07ae832
- SHA1: 8f24aa15cf4485cae8bf61be6440a5faf9038ebc
- SHA256: d203b0f62c7a4cfe0bc93a01988db7023a59de5298a5edc83bf8ef472d861319
- SHA512: 304a8a51e48a7066a5e49dece099fe1dc637df602eebb3913c4a60977860ae565ede3e7d668cb466111fc255e132cae9ec7d3afa74ae899530d009bfbe67c69f
- SSDEEP: 1536:UCdPNNTYDldMUHwGSjdFOKqQpQpIThxE7afiW5zLtr:BNNlUCjCKqM0kx2afiQzLtr
Malware Config
Signatures
- Modifies file permissions (1 TTPs, 1 IoCs)
- Suspicious use of FindShellTrayWindow (1 IoCs)
  Processes: java.exe (PID 5112)
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes: java.exe (PID 5112), java.exe (PID 5112)
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes (description | PID | process | target process):
  PID 5112 wrote to memory of 3392 | 5112 | java.exe | icacls.exe
  PID 5112 wrote to memory of 3392 | 5112 | java.exe | icacls.exe
Processes
1. C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
   Command line: java -jar C:\Users\Admin\AppData\Local\Temp\keygen.jar
   PID: 5112
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\icacls.exe (child of PID 5112)
      Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      PID: 3392
      - Modifies file permissions
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
- MD5: 1ac642ae1c269ee8d7e987b5dbfa334c
- SHA1: 4a9f430a7bfe441be91268d1e171577f0a980236
- SHA256: ed0677ca82e26f3aaca67918b10749f0a000a06a1fcdcc301877400346abc9fa
- SHA512: 4cc6e4fdba8e52ec6b5ea14c4306cb164d86b59fde8c7655d97495d410795335f652325bc1f13fae782c823970e024a50b1992fbfcb792d4589cd14ec9b5d8f7