Overview

overview

7

Static

static

3

R3Client.zip

windows7-x64

1

R3Client.zip

windows10-2004-x64

1

Engine.CoreModule.dll

windows7-x64

1

Engine.CoreModule.dll

windows10-2004-x64

1

Library/Hi...a6.jar

windows7-x64

1

Library/Hi...a6.jar

windows10-2004-x64

7

Library/ac...on.jar

windows7-x64

1

Library/ac...on.jar

windows10-2004-x64

7

Library/an...me.jar

windows7-x64

1

Library/an...me.jar

windows10-2004-x64

7

Library/asm-all.jar

windows7-x64

1

Library/asm-all.jar

windows10-2004-x64

7

Library/co...il.jar

windows7-x64

1

Library/co...il.jar

windows10-2004-x64

7

Library/co...pi.jar

windows7-x64

1

Library/co...pi.jar

windows10-2004-x64

7

Library/dn...le.jar

windows7-x64

1

Library/dn...le.jar

windows10-2004-x64

7

Library/dn...dk.jar

windows7-x64

1

Library/dn...dk.jar

windows10-2004-x64

7

Library/dyn4j.jar

windows7-x64

1

Library/dyn4j.jar

windows10-2004-x64

7

Library/gson.jar

windows7-x64

1

Library/gson.jar

windows10-2004-x64

7

Library/ja...GA.jar

windows7-x64

1

Library/ja...GA.jar

windows10-2004-x64

7

Library/ja...18.jar

windows7-x64

1

Library/ja...18.jar

windows10-2004-x64

7

Library/jfoenix.jar

windows7-x64

1

Library/jfoenix.jar

windows10-2004-x64

7

Library/jk...er.jar

windows7-x64

1

Library/jk...er.jar

windows10-2004-x64

7

Resubmissions

25-06-2024 05:52

240625-gkzfgstcrd 7

Analysis

  • max time kernel
    138s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-06-2024 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Library/activation.jar

  • Size

    67KB

  • MD5

    46a37512971d8eca81c3fcf245bf07d2

  • SHA1

    485de3a253e23f645037828c07f1d7f1af40763a

  • SHA256

    ae475120e9fcd99b4b00b38329bd61cdc5eb754eee03fe66c01f50e137724f99

  • SHA512

    49119b0cc3af02700685a55c6f15e6d40643f81640e642b9ea39a59e18d542f8837d30b43b5be006ce1a98c8ec9729bb2165c0442978168f64caa2fc6e3cb93d

  • SSDEEP

    1536:j8OaGRey8DeyJ9Zw/19ErY0O9J8cbd3V6OgrVf:xVey8DBc19SFwJB29x

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Library\activation.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    c81dc172cea819936cc3e9c4ff7f8d78

    SHA1

    c0b9cbcd31f663d4f4f2f79cc76d7d1b12e32859

    SHA256

    37a2b800c7bdb1f1632772ba71aaca6667a2e6949aa08bdf4008d92e494215cd

    SHA512

    a3fae21995cf579313d852344a65aac0abd6af30caf3459b4abe99dd66fd6eb422cb8deb0e0d490b8697b77a8bed55de94563f7f501a5e183c607b14fe45c365

    Download Submit

  • memory/1724-2-0x000001D281410000-0x000001D281680000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/1724-12-0x000001D2FF6B0000-0x000001D2FF6B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1724-13-0x000001D281410000-0x000001D281680000-memory.dmp

    Filesize

    2.4MB

    Download