Overview

overview

7

Static

static

3

PrismLaunc....4.exe

windows11-21h2-x64

7

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...rd.bmp

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

Qt6Core.dll

windows11-21h2-x64

1

Qt6Core5Compat.dll

windows11-21h2-x64

1

Qt6Gui.dll

windows11-21h2-x64

1

Qt6Network.dll

windows11-21h2-x64

1

Qt6Svg.dll

windows11-21h2-x64

1

Qt6Widgets.dll

windows11-21h2-x64

1

Qt6Xml.dll

windows11-21h2-x64

1

iconengine...on.dll

windows11-21h2-x64

1

imageformats/qgif.dll

windows11-21h2-x64

1

imageforma...ns.dll

windows11-21h2-x64

1

imageformats/qico.dll

windows11-21h2-x64

1

imageforma...eg.dll

windows11-21h2-x64

1

imageformats/qsvg.dll

windows11-21h2-x64

1

imageforma...mp.dll

windows11-21h2-x64

1

imageforma...bp.dll

windows11-21h2-x64

1

jars/JavaCheck.jar

windows11-21h2-x64

7

jars/NewLaunch.jar

windows11-21h2-x64

7

jars/NewLa...cy.jar

windows11-21h2-x64

7

platforms/...2d.dll

windows11-21h2-x64

1

platforms/...ws.dll

windows11-21h2-x64

1

prismlauncher.exe

windows11-21h2-x64

prismlaunc...nk.exe

windows11-21h2-x64

1

prismlaunc...er.exe

windows11-21h2-x64

1

qt.conf

windows11-21h2-x64

3

qtlogging.ini

windows11-21h2-x64

3

styles/qwi...le.dll

windows11-21h2-x64

1

tls/qschan...nd.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    544s
  • max time network
    558s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    23-06-2024 14:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jars/JavaCheck.jar

  • Size

    1KB

  • MD5

    46dead10b38ebcd54cb44e04d015eb8a

  • SHA1

    890a4316e2bc3937acb65eafcc7511f6022b48db

  • SHA256

    c7e230469627a3c154bd5e35ab3ce0449f92296c357bcd001dae455ddba4add5

  • SHA512

    f9b758c0d52a99f2f689bcbadd1646cc99c57284a895c55d3800227b155b037d11902c0d21c12ee3e0acc87fb34282aaf641af54c9f7d6bcc574d52eac72471c

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\jars\JavaCheck.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    6e1e4db21c23dcff60dbd6a090847eb3

    SHA1

    c4f28f9a8a137c68b84e2fb77b715c4a0c62055e

    SHA256

    ce1927207c040f4bddd0e9d39a1f332034cf7341d133778857d90c7b211d1b14

    SHA512

    eae3746fd4b500ec151940c75441fe23caff85a4aa473159cb9d87e1c674601e7ff529562f3f47948a5ce3fd83f000768b55bf6929a4d1bed31202b060a785c3

    Download Submit

  • memory/2084-2-0x000001A369A30000-0x000001A369CA0000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2084-12-0x000001A368250000-0x000001A368251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2084-13-0x000001A369A30000-0x000001A369CA0000-memory.dmp

    Filesize

    2.4MB

    Download