71df38391e7e136667f804bad24713d283f0066790e8b8f93ba5190b8f3acfd3

Analysis

max time kernel
79s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

007189336303f8f137655b32e93229ac_JaffaCakes118.jar
Size

25KB
MD5

007189336303f8f137655b32e93229ac
SHA1

f618f1d4cfabcd39569fa8f5f86ad96ea7af2645
SHA256

71df38391e7e136667f804bad24713d283f0066790e8b8f93ba5190b8f3acfd3
SHA512

ebee6fb372611abd5cf2ed4092eb2174ec37239ea1927537b7956329b7175dc98d98625dcb06f7fd3d87c5438201f627505e3f4746d5b4e41349f5f495e55942
SSDEEP

768:uaPwCoxNkqwdZXZr88KhDfbKvntXmUujyisQ:uaICAyTXZbK1f+1XVQ

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3692	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 3692	4384	java.exe	85
PID 4384 wrote to memory of 3692	4384	java.exe	85

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\007189336303f8f137655b32e93229ac_JaffaCakes118.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
d325e3552c0d36a096b268b8baaa306e

SHA1
eb8a89d39983210f3bbd0b11612c52b65c3d6f97

SHA256
ff33c092e93f76ffba14ce808d2abef74d5b693cbde84557af17a5ff3bcb0579

SHA512
e9b5644a78724cbe5847cefaa0138802d87bfb24c9d372e5b43e5f366a7ca3c66cdb180b889fec2500b9a5603c9b4f22020448cc232cd3337c2a0f555f1581d0

Download Submit
memory/4384-2-0x00000140666B0000-0x0000014066920000-memory.dmp

Filesize
2.4MB

Download
memory/4384-12-0x0000014066690000-0x0000014066691000-memory.dmp

Filesize
4KB

Download
memory/4384-13-0x00000140666B0000-0x0000014066920000-memory.dmp

Filesize
2.4MB

Download