9cd1233a50262eb8fb441f83dfacdf7ff435ce982640404217660e356e5eb9c4

Resubmissions

03-07-2024 11:31

240703-nmnv4azgng 7

03-07-2024 11:27

240703-nkm6sathqj 8

Analysis

max time kernel
92s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Crystalware b10/Crystalware b10.jar
Size

19.4MB
MD5

2a143bc173789ea64bbc7cea4106bff1
SHA1

cb5397cf21e5acb4dc86b9ba799e130b989ccdee
SHA256

6b019af3dbe3a376770f5e47ab5eb6afecce8a4e2bbcc38c17fa18ea0ce8a50c
SHA512

cfb76ddadfce141c0addb19bfe51faa451e75120aa795705cf7dc0725d7a234a58dcbff9020337e34d5274cf360032b35027b5fde1a729a3519e34348985121b
SSDEEP

393216:SwL8zDijiSXoCL8zUgw1wfjhqAgQXTLO+cy80q4+b2JBhki:SwLMDijfX5LMUTwgARjLO+cyCOHGi

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2268	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 2268	4696	java.exe	82
PID 4696 wrote to memory of 2268	4696	java.exe	82

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Crystalware b10\Crystalware b10.jar"
1⤵
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
ced5cb84d325e692e01257003c83d30b

SHA1
aab1400307b4f450d8353703be5fa071cae9092c

SHA256
b61915ec04f7526b7fd98b744a1e5388e952c2746013513e928b26b900a66eba

SHA512
38fcc2f40838d745cfb997f695400a414beadf7c1a2bccce585a5b2f85633893e18faa6f06320b3f918a7ae405dda8e93df7cc947f8dd8786372841bbbba844f

Download Submit
memory/4696-2-0x000001E52C400000-0x000001E52C670000-memory.dmp

Filesize
2.4MB

Download
memory/4696-12-0x000001E52AB30000-0x000001E52AB31000-memory.dmp

Filesize
4KB

Download
memory/4696-13-0x000001E52C400000-0x000001E52C670000-memory.dmp

Filesize
2.4MB

Download