765425141eb4a93c4ed0211356e843cb0de6a944d5358809403041636aa453d7

Analysis

max time kernel
125s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Common Files/Downloads/lock_and_key-1.18.2-1.1.0.jar
Size

15KB
MD5

4058cb3ace7f38bde3fadb92f0f877dc
SHA1

69cf6349a7ffedfccfad07cdf75ed366238ca744
SHA256

756c63068ef2a9ca30ab0a3cf54166eeb7e37fd94237efda9b392ee1da1d47b9
SHA512

794edcbf270fefe76a277fc158add76260331263978d068b86342e851dd6fc8043dbc26418d713119c07acbe9afcf1eb0655bf7314fc23d01028927df1ad6e6a
SSDEEP

192:/2X20cUoCXXz/JpRjvYLQnnqhWQYa3rE/VV++wCchzZTPJsILDbH30:/3UtljnIONV++w5JY6k

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4872	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 4872	2416	java.exe	89
PID 2416 wrote to memory of 4872	2416	java.exe	89

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Common Files\Downloads\lock_and_key-1.18.2-1.1.0.jar"
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3704,i,14221647728265121051,6840906015709541562,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:8
1⤵
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
211a02bf79e17ce1857d0fa869955768

SHA1
a322ef2c6873090cddfaf22e9d27f48924a346ab

SHA256
2e960856458f1ab6d049d218edf2e572ed6ed8d188ec1678ea3e3958ad940d83

SHA512
52f0a6bfa97b50c822e9ec0bf2bb1839f9b8a4b6566d6961dc17ec486ceb0f8e78e8eea40e0d2c5bc8b228e2ed6cd5250b3796c2b46bcd570518106086e52515

Download Submit
memory/2416-2-0x0000024300000000-0x0000024300270000-memory.dmp

Filesize
2.4MB

Download
memory/2416-12-0x00000243756F0000-0x00000243756F1000-memory.dmp

Filesize
4KB

Download
memory/2416-13-0x0000024300000000-0x0000024300270000-memory.dmp

Filesize
2.4MB

Download