Overview

overview

10

Static

static

3

Rz_launcher Setup.exe

windows7-x64

10

Rz_launcher Setup.exe

windows10-2004-x64

8

lib/activation.jar

windows7-x64

1

lib/activation.jar

windows10-2004-x64

7

lib/asm-all.jar

windows7-x64

1

lib/asm-all.jar

windows10-2004-x64

7

lib/commons-email.jar

windows7-x64

1

lib/commons-email.jar

windows10-2004-x64

7

lib/dn-com...le.jar

windows7-x64

1

lib/dn-com...le.jar

windows10-2004-x64

7

lib/dn-php-sdk.jar

windows7-x64

1

lib/dn-php-sdk.jar

windows10-2004-x64

7

lib/gson.jar

windows7-x64

1

lib/gson.jar

windows10-2004-x64

7

lib/jfoenix.jar

windows7-x64

1

lib/jfoenix.jar

windows10-2004-x64

7

lib/jkeymaster.jar

windows7-x64

1

lib/jkeymaster.jar

windows10-2004-x64

7

lib/jna.jar

windows7-x64

7

lib/jna.jar

windows10-2004-x64

7

lib/jphp-a...rk.jar

windows7-x64

1

lib/jphp-a...rk.jar

windows10-2004-x64

7

lib/jphp-core.jar

windows7-x64

1

lib/jphp-core.jar

windows10-2004-x64

7

lib/jphp-d...xt.jar

windows7-x64

1

lib/jphp-d...xt.jar

windows10-2004-x64

7

lib/jphp-d...xt.jar

windows7-x64

1

lib/jphp-d...xt.jar

windows10-2004-x64

7

lib/jphp-gui-ext.jar

windows7-x64

1

lib/jphp-gui-ext.jar

windows10-2004-x64

7

lib/jphp-g...xt.jar

windows7-x64

1

lib/jphp-g...xt.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    1704s
  • max time network
    1179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 15:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lib/dn-compiled-module.jar

  • Size

    931KB

  • MD5

    70f0ac9b4fab3012c0f4d7d9b3d57a25

  • SHA1

    053cc658fb239361bd14893cc4248bfe80886e05

  • SHA256

    c14534ff2ca0fad74363f197223b570a94bf9248d8f99141ffd378f9715f1b66

  • SHA512

    5eedda65f799b100cd508d7d279898d4c1dc1a1490570071103de22ecff166c5c1d8049dcf9a02f59456b6a43ca02031df03931c64647bbda5fa79ed6dfa4fb1

  • SSDEEP

    24576:5ihMa+tqat2nsUTgYNuSelRZFGGmjWgdJ:gh2tvt2swgYRe9FGGoJ

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\lib\dn-compiled-module.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:976
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    5ca373238c65be838a8e0f747b4ebb2a

    SHA1

    907105de6b4944600e0e4439719348d8a1d2719e

    SHA256

    c4c200bb7a7deb5acb68416dd0df566edb75d8f47c31a72984eeda359e151a97

    SHA512

    ac153b4ac7fbbaad03b035d14715f63a8eb74b36406b40fdfeeacd3f23d5347ef8c7852e2fe6c34c6fa71230baf385f8fc05c843b2f5f4d33e82a36775e9497a

    Download Submit

  • memory/976-2-0x000001BCC8AE0000-0x000001BCC8D50000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/976-12-0x000001BCC8AC0000-0x000001BCC8AC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/976-13-0x000001BCC8AE0000-0x000001BCC8D50000-memory.dmp

    Filesize

    2.4MB

    Download