3eafb74de2ee510948914c85bc60f01044bae17b12055e892c1711abc20fd64b

Analysis

max time kernel
28s
max time network
34s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
06-07-2024 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3eafb74de2ee510948914c85bc60f01044bae17b12055e892c1711abc20fd64b.jar
Size

203KB
MD5

b6ca4213e6f097b3537f732a4ffd195f
SHA1

59539ba574ca3ad901331cfaef98977d68fc3ee0
SHA256

3eafb74de2ee510948914c85bc60f01044bae17b12055e892c1711abc20fd64b
SHA512

ee17012dcfd98829e4a5fae7b11c7265a16ccdb3a0682968fd115b57fef10123ff9174119fbed70c2d1cd3d63eb8437ddc3f289da3652bdf1f8aac96cde5b0e1
SSDEEP

3072:xxXgSiFF4/9Gc/GJrulpnKtQ3aeb01TdD9KQ0rSK2WF52G8a:xhgSiFFc/4Cl4qp01Tx9+SrG8a

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
908	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 908	2428	java.exe	79
PID 2428 wrote to memory of 908	2428	java.exe	79

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\3eafb74de2ee510948914c85bc60f01044bae17b12055e892c1711abc20fd64b.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
6d6a5ad3b1904a6d74a209a8db436096

SHA1
4d324bdd289628457c0b4816cc32f5530501aaf6

SHA256
59983c540c9edd18ca1d8907c251971522917f3aa169576628791b5ed3641b95

SHA512
9a923f6edeee0f56fbd21b2636b3a2d8a53754ac196be38e75972107c743de380b0bd94bfabbabc3c1fd45af708a281ced4b31e5c160e640177f77bb567f36ef

Download Submit
memory/2428-2-0x000001FB1FC50000-0x000001FB1FEC0000-memory.dmp

Filesize
2.4MB

Download
memory/2428-15-0x000001FB1FEC0000-0x000001FB1FED0000-memory.dmp

Filesize
64KB

Download
memory/2428-16-0x000001FB1FED0000-0x000001FB1FEE0000-memory.dmp

Filesize
64KB

Download
memory/2428-19-0x000001FB1FEF0000-0x000001FB1FF00000-memory.dmp

Filesize
64KB

Download
memory/2428-18-0x000001FB1FEE0000-0x000001FB1FEF0000-memory.dmp

Filesize
64KB

Download
memory/2428-21-0x000001FB1FF00000-0x000001FB1FF10000-memory.dmp

Filesize
64KB

Download
memory/2428-23-0x000001FB1FF10000-0x000001FB1FF20000-memory.dmp

Filesize
64KB

Download
memory/2428-25-0x000001FB1FF20000-0x000001FB1FF30000-memory.dmp

Filesize
64KB

Download
memory/2428-28-0x000001FB1FF30000-0x000001FB1FF40000-memory.dmp

Filesize
64KB

Download
memory/2428-33-0x000001FB1FF40000-0x000001FB1FF50000-memory.dmp

Filesize
64KB

Download
memory/2428-35-0x000001FB1E370000-0x000001FB1E371000-memory.dmp

Filesize
4KB

Download
memory/2428-39-0x000001FB1FF60000-0x000001FB1FF70000-memory.dmp

Filesize
64KB

Download
memory/2428-38-0x000001FB1FF50000-0x000001FB1FF60000-memory.dmp

Filesize
64KB

Download
memory/2428-37-0x000001FB1FC50000-0x000001FB1FEC0000-memory.dmp

Filesize
2.4MB

Download
memory/2428-44-0x000001FB1FF70000-0x000001FB1FF80000-memory.dmp

Filesize
64KB

Download
memory/2428-43-0x000001FB1FED0000-0x000001FB1FEE0000-memory.dmp

Filesize
64KB

Download
memory/2428-42-0x000001FB1FEC0000-0x000001FB1FED0000-memory.dmp

Filesize
64KB

Download
memory/2428-46-0x000001FB1FF80000-0x000001FB1FF90000-memory.dmp

Filesize
64KB

Download
memory/2428-45-0x000001FB1FEE0000-0x000001FB1FEF0000-memory.dmp

Filesize
64KB

Download
memory/2428-49-0x000001FB1FEF0000-0x000001FB1FF00000-memory.dmp

Filesize
64KB

Download
memory/2428-53-0x000001FB1FFA0000-0x000001FB1FFB0000-memory.dmp

Filesize
64KB

Download
memory/2428-51-0x000001FB1FF00000-0x000001FB1FF10000-memory.dmp

Filesize
64KB

Download
memory/2428-55-0x000001FB1FFB0000-0x000001FB1FFC0000-memory.dmp

Filesize
64KB

Download
memory/2428-54-0x000001FB1FF10000-0x000001FB1FF20000-memory.dmp

Filesize
64KB

Download
memory/2428-50-0x000001FB1FF90000-0x000001FB1FFA0000-memory.dmp

Filesize
64KB

Download
memory/2428-59-0x000001FB1FFC0000-0x000001FB1FFD0000-memory.dmp

Filesize
64KB

Download
memory/2428-58-0x000001FB1FF20000-0x000001FB1FF30000-memory.dmp

Filesize
64KB

Download
memory/2428-62-0x000001FB1FFD0000-0x000001FB1FFE0000-memory.dmp

Filesize
64KB

Download
memory/2428-61-0x000001FB1FF30000-0x000001FB1FF40000-memory.dmp

Filesize
64KB

Download
memory/2428-66-0x000001FB1FF40000-0x000001FB1FF50000-memory.dmp

Filesize
64KB

Download
memory/2428-68-0x000001FB1FF50000-0x000001FB1FF60000-memory.dmp

Filesize
64KB

Download
memory/2428-69-0x000001FB1FF60000-0x000001FB1FF70000-memory.dmp

Filesize
64KB

Download
memory/2428-70-0x000001FB1FF70000-0x000001FB1FF80000-memory.dmp

Filesize
64KB

Download
memory/2428-71-0x000001FB1FF80000-0x000001FB1FF90000-memory.dmp

Filesize
64KB

Download
memory/2428-72-0x000001FB1FF90000-0x000001FB1FFA0000-memory.dmp

Filesize
64KB

Download
memory/2428-73-0x000001FB1FFE0000-0x000001FB1FFF0000-memory.dmp

Filesize
64KB

Download
memory/2428-76-0x000001FB1FFF0000-0x000001FB20000000-memory.dmp

Filesize
64KB

Download
memory/2428-75-0x000001FB1FFA0000-0x000001FB1FFB0000-memory.dmp

Filesize
64KB

Download
memory/2428-79-0x000001FB20000000-0x000001FB20010000-memory.dmp

Filesize
64KB

Download
memory/2428-78-0x000001FB1FFB0000-0x000001FB1FFC0000-memory.dmp

Filesize
64KB

Download
memory/2428-82-0x000001FB20010000-0x000001FB20020000-memory.dmp

Filesize
64KB

Download
memory/2428-81-0x000001FB1FFC0000-0x000001FB1FFD0000-memory.dmp

Filesize
64KB

Download
memory/2428-84-0x000001FB1FFD0000-0x000001FB1FFE0000-memory.dmp

Filesize
64KB

Download
memory/2428-85-0x000001FB20020000-0x000001FB20030000-memory.dmp

Filesize
64KB

Download
memory/2428-87-0x000001FB20030000-0x000001FB20040000-memory.dmp

Filesize
64KB

Download
memory/2428-89-0x000001FB20040000-0x000001FB20050000-memory.dmp

Filesize
64KB

Download
memory/2428-91-0x000001FB20050000-0x000001FB20060000-memory.dmp

Filesize
64KB

Download
memory/2428-93-0x000001FB20060000-0x000001FB20070000-memory.dmp

Filesize
64KB

Download
memory/2428-96-0x000001FB1FFE0000-0x000001FB1FFF0000-memory.dmp

Filesize
64KB

Download
memory/2428-97-0x000001FB20070000-0x000001FB20080000-memory.dmp

Filesize
64KB

Download
memory/2428-98-0x000001FB20080000-0x000001FB20090000-memory.dmp

Filesize
64KB

Download
memory/2428-100-0x000001FB1FFF0000-0x000001FB20000000-memory.dmp

Filesize
64KB

Download
memory/2428-101-0x000001FB20090000-0x000001FB200A0000-memory.dmp

Filesize
64KB

Download
memory/2428-103-0x000001FB20000000-0x000001FB20010000-memory.dmp

Filesize
64KB

Download
memory/2428-104-0x000001FB200A0000-0x000001FB200B0000-memory.dmp

Filesize
64KB

Download
memory/2428-119-0x000001FB1E370000-0x000001FB1E371000-memory.dmp

Filesize
4KB

Download
memory/2428-107-0x000001FB1E370000-0x000001FB1E371000-memory.dmp

Filesize
4KB

Download
memory/2428-105-0x000001FB1E370000-0x000001FB1E371000-memory.dmp

Filesize
4KB

Download
memory/2428-128-0x000001FB200B0000-0x000001FB200C0000-memory.dmp

Filesize
64KB

Download
memory/2428-127-0x000001FB20010000-0x000001FB20020000-memory.dmp

Filesize
64KB

Download
memory/2428-133-0x000001FB200C0000-0x000001FB200D0000-memory.dmp

Filesize
64KB

Download
memory/2428-132-0x000001FB200D0000-0x000001FB200E0000-memory.dmp

Filesize
64KB

Download
memory/2428-131-0x000001FB20020000-0x000001FB20030000-memory.dmp

Filesize
64KB

Download
memory/2428-136-0x000001FB20030000-0x000001FB20040000-memory.dmp

Filesize
64KB

Download
memory/2428-138-0x000001FB200F0000-0x000001FB20100000-memory.dmp

Filesize
64KB

Download
memory/2428-137-0x000001FB200E0000-0x000001FB200F0000-memory.dmp

Filesize
64KB

Download
memory/2428-141-0x000001FB20100000-0x000001FB20110000-memory.dmp

Filesize
64KB

Download
memory/2428-140-0x000001FB20040000-0x000001FB20050000-memory.dmp

Filesize
64KB

Download
memory/2428-144-0x000001FB20110000-0x000001FB20120000-memory.dmp

Filesize
64KB

Download
memory/2428-143-0x000001FB20050000-0x000001FB20060000-memory.dmp

Filesize
64KB

Download
memory/2428-147-0x000001FB20070000-0x000001FB20080000-memory.dmp

Filesize
64KB

Download
memory/2428-146-0x000001FB20060000-0x000001FB20070000-memory.dmp

Filesize
64KB

Download
memory/2428-148-0x000001FB20120000-0x000001FB20130000-memory.dmp

Filesize
64KB

Download
memory/2428-154-0x000001FB20150000-0x000001FB20160000-memory.dmp

Filesize
64KB

Download
memory/2428-153-0x000001FB20140000-0x000001FB20150000-memory.dmp

Filesize
64KB

Download
memory/2428-152-0x000001FB20130000-0x000001FB20140000-memory.dmp

Filesize
64KB

Download
memory/2428-168-0x000001FB1E370000-0x000001FB1E371000-memory.dmp

Filesize
4KB

Download
memory/2428-163-0x000001FB1E370000-0x000001FB1E371000-memory.dmp

Filesize
4KB

Download
memory/2428-162-0x000001FB1E370000-0x000001FB1E371000-memory.dmp

Filesize
4KB

Download
memory/2428-177-0x000001FB20080000-0x000001FB20090000-memory.dmp

Filesize
64KB

Download
memory/2428-178-0x000001FB20160000-0x000001FB20170000-memory.dmp

Filesize
64KB

Download
memory/2428-180-0x000001FB20090000-0x000001FB200A0000-memory.dmp

Filesize
64KB

Download
memory/2428-181-0x000001FB20170000-0x000001FB20180000-memory.dmp

Filesize
64KB

Download
memory/2428-184-0x000001FB20180000-0x000001FB20190000-memory.dmp

Filesize
64KB

Download
memory/2428-183-0x000001FB200A0000-0x000001FB200B0000-memory.dmp

Filesize
64KB

Download
memory/2428-188-0x000001FB20190000-0x000001FB201A0000-memory.dmp

Filesize
64KB

Download
memory/2428-187-0x000001FB200B0000-0x000001FB200C0000-memory.dmp

Filesize
64KB

Download
memory/2428-196-0x000001FB201A0000-0x000001FB201B0000-memory.dmp

Filesize
64KB

Download
memory/2428-195-0x000001FB200C0000-0x000001FB200D0000-memory.dmp

Filesize
64KB

Download
memory/2428-194-0x000001FB200D0000-0x000001FB200E0000-memory.dmp

Filesize
64KB

Download
memory/2428-200-0x000001FB200F0000-0x000001FB20100000-memory.dmp

Filesize
64KB

Download
memory/2428-201-0x000001FB201B0000-0x000001FB201C0000-memory.dmp

Filesize
64KB

Download
memory/2428-199-0x000001FB200E0000-0x000001FB200F0000-memory.dmp

Filesize
64KB

Download
memory/2428-204-0x000001FB201C0000-0x000001FB201D0000-memory.dmp

Filesize
64KB

Download
memory/2428-203-0x000001FB20100000-0x000001FB20110000-memory.dmp

Filesize
64KB

Download
memory/2428-211-0x000001FB201E0000-0x000001FB201F0000-memory.dmp

Filesize
64KB

Download
memory/2428-210-0x000001FB20110000-0x000001FB20120000-memory.dmp

Filesize
64KB

Download
memory/2428-213-0x000001FB20120000-0x000001FB20130000-memory.dmp

Filesize
64KB

Download
memory/2428-214-0x000001FB20200000-0x000001FB20210000-memory.dmp

Filesize
64KB

Download
memory/2428-218-0x000001FB201D0000-0x000001FB201E0000-memory.dmp

Filesize
64KB

Download
memory/2428-217-0x000001FB20150000-0x000001FB20160000-memory.dmp

Filesize
64KB

Download
memory/2428-216-0x000001FB20140000-0x000001FB20150000-memory.dmp

Filesize
64KB

Download
memory/2428-215-0x000001FB20130000-0x000001FB20140000-memory.dmp

Filesize
64KB

Download