Overview

overview

7

Static

static

3

R3Client.zip

windows7-x64

1

R3Client.zip

windows10-2004-x64

1

Engine.CoreModule.dll

windows7-x64

1

Engine.CoreModule.dll

windows10-2004-x64

1

Library/Hi...a6.jar

windows7-x64

1

Library/Hi...a6.jar

windows10-2004-x64

7

Library/ac...on.jar

windows7-x64

1

Library/ac...on.jar

windows10-2004-x64

7

Library/an...me.jar

windows7-x64

1

Library/an...me.jar

windows10-2004-x64

7

Library/asm-all.jar

windows7-x64

1

Library/asm-all.jar

windows10-2004-x64

7

Library/co...il.jar

windows7-x64

1

Library/co...il.jar

windows10-2004-x64

7

Library/co...pi.jar

windows7-x64

1

Library/co...pi.jar

windows10-2004-x64

7

Library/dn...le.jar

windows7-x64

1

Library/dn...le.jar

windows10-2004-x64

7

Library/dn...dk.jar

windows7-x64

1

Library/dn...dk.jar

windows10-2004-x64

7

Library/dyn4j.jar

windows7-x64

1

Library/dyn4j.jar

windows10-2004-x64

7

Library/gson.jar

windows7-x64

1

Library/gson.jar

windows10-2004-x64

7

Library/ja...GA.jar

windows7-x64

1

Library/ja...GA.jar

windows10-2004-x64

7

Library/ja...18.jar

windows7-x64

1

Library/ja...18.jar

windows10-2004-x64

7

Library/jfoenix.jar

windows7-x64

1

Library/jfoenix.jar

windows10-2004-x64

7

Library/jk...er.jar

windows7-x64

1

Library/jk...er.jar

windows10-2004-x64

7

Resubmissions

25-06-2024 05:52

240625-gkzfgstcrd 7

Analysis

  • max time kernel
    148s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-06-2024 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Library/HikariCP-java6.jar

  • Size

    96KB

  • MD5

    b23689090502fcf359784933ce2286d8

  • SHA1

    85725de79f42d0d5dd3ff2b6b8b88c944b5e09a3

  • SHA256

    c9a447f70f876a2e56870ffa380caf1f26d949443494bdddb32c82c6e842bcbd

  • SHA512

    424cf0032c85316edea5e9304aa9465add1a5b5ec6f129a2884ae623465b1515aa349b2c33854dd231cf19008462ed42038282e0c5b15db415ebad4dd1bab995

  • SSDEEP

    1536:+X+3hQOEedEGSHQtDQSSDKYsub0EtKBRG3xkPQBSs3Qi6SKGEX0+Z8egJtEBL+oU:+X5zZwyBZ5P3GvGEX0OoHK+/Kyoajr

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Library\HikariCP-java6.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2996
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3252

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    924895de8afc8d29c631fa40a5151ca4

    SHA1

    2be4de4cca63a2777738b176b3da6172e46d78fa

    SHA256

    7966fcc2b595610f9d7682b4dbde8e06be5c6f34cf5a6082dd78791ec0aff191

    SHA512

    8802f5583d602d9a5c227c1a1a5cb69ad0255df2d536622fff528beee14f934b1c85d8641c002e4dc4138477d2a2ec4bf4951f7ff893a731993ae2a781afd913

    Download Submit

  • memory/2996-2-0x0000018DD1460000-0x0000018DD16D0000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2996-12-0x0000018DCFC10000-0x0000018DCFC11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2996-13-0x0000018DD1460000-0x0000018DD16D0000-memory.dmp

    Filesize

    2.4MB

    Download