81251cbd72094f75056b05667727b5237922810be7750210678af5b4ca5aec83

Analysis

max time kernel
15s
max time network
16s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-08-2024 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

launch.bat
Size

50B
MD5

11f888c721558d771d9d7e203146102e
SHA1

87b76b891ea646de40798dcd2522065f68aaea0d
SHA256

9fd1f058d59563dd1dd723608304d989f5ee91b20166755b77a8aa87c795e295
SHA512

6023860eeca2a817b3c4866ec74e39bce008a16f6a6fc11bfc63acc2d346f371af579b9ffc2655ad953e2379d3edefb4f1ad658bf2dd99ce7f87efe7407d33bd

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
824	icacls.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 4288	2064	cmd.exe	74
PID 2064 wrote to memory of 4288	2064	cmd.exe	74
PID 4288 wrote to memory of 824	4288	java.exe	75
PID 4288 wrote to memory of 824	4288	java.exe	75

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\launch.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -jar Adjust.jar
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4288
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
bdd80cdec28e4eb692a4677eec596a0f

SHA1
eff8adf0216d54a96bdc8cb301335a3d11c70c48

SHA256
c28797292f995302d0145cb1181a83d417e0163bf5d5b57bab189b575a03d539

SHA512
d6215ee7a1cb2d2430c06fb13f4eb5910492d84425822957db9001c75479c38a79ba97431e0146ba1a864c04efcd4664c61fe979a0678606d1a3e2ab5116bfda

Download Submit
memory/4288-2-0x0000019397320000-0x0000019397590000-memory.dmp

Filesize
2.4MB

Download
memory/4288-12-0x0000019395B10000-0x0000019395B11000-memory.dmp

Filesize
4KB

Download
memory/4288-15-0x0000019397590000-0x00000193975A0000-memory.dmp

Filesize
64KB

Download
memory/4288-16-0x00000193975A0000-0x00000193975B0000-memory.dmp

Filesize
64KB

Download
memory/4288-18-0x00000193975B0000-0x00000193975C0000-memory.dmp

Filesize
64KB

Download
memory/4288-21-0x00000193975C0000-0x00000193975D0000-memory.dmp

Filesize
64KB

Download
memory/4288-22-0x00000193975D0000-0x00000193975E0000-memory.dmp

Filesize
64KB

Download
memory/4288-24-0x00000193975E0000-0x00000193975F0000-memory.dmp

Filesize
64KB

Download
memory/4288-26-0x00000193975F0000-0x0000019397600000-memory.dmp

Filesize
64KB

Download
memory/4288-29-0x0000019397600000-0x0000019397610000-memory.dmp

Filesize
64KB

Download
memory/4288-33-0x0000019397620000-0x0000019397630000-memory.dmp

Filesize
64KB

Download
memory/4288-32-0x0000019397610000-0x0000019397620000-memory.dmp

Filesize
64KB

Download
memory/4288-37-0x0000019397640000-0x0000019397650000-memory.dmp

Filesize
64KB

Download
memory/4288-36-0x0000019397630000-0x0000019397640000-memory.dmp

Filesize
64KB

Download
memory/4288-38-0x0000019397320000-0x0000019397590000-memory.dmp

Filesize
2.4MB

Download
memory/4288-40-0x0000019397650000-0x0000019397660000-memory.dmp

Filesize
64KB

Download
memory/4288-39-0x0000019397590000-0x00000193975A0000-memory.dmp

Filesize
64KB

Download
memory/4288-44-0x0000019397660000-0x0000019397670000-memory.dmp

Filesize
64KB

Download
memory/4288-51-0x0000019397670000-0x0000019397680000-memory.dmp

Filesize
64KB

Download
memory/4288-50-0x00000193975A0000-0x00000193975B0000-memory.dmp

Filesize
64KB

Download
memory/4288-56-0x00000193975C0000-0x00000193975D0000-memory.dmp

Filesize
64KB

Download
memory/4288-58-0x0000019397690000-0x00000193976A0000-memory.dmp

Filesize
64KB

Download
memory/4288-57-0x00000193975D0000-0x00000193975E0000-memory.dmp

Filesize
64KB

Download
memory/4288-55-0x0000019397680000-0x0000019397690000-memory.dmp

Filesize
64KB

Download
memory/4288-53-0x00000193975B0000-0x00000193975C0000-memory.dmp

Filesize
64KB

Download
memory/4288-59-0x00000193975E0000-0x00000193975F0000-memory.dmp

Filesize
64KB

Download
memory/4288-61-0x00000193976A0000-0x00000193976B0000-memory.dmp

Filesize
64KB

Download
memory/4288-62-0x00000193975F0000-0x0000019397600000-memory.dmp

Filesize
64KB

Download
memory/4288-63-0x00000193976B0000-0x00000193976C0000-memory.dmp

Filesize
64KB

Download
memory/4288-66-0x0000019397600000-0x0000019397610000-memory.dmp

Filesize
64KB

Download
memory/4288-67-0x00000193976C0000-0x00000193976D0000-memory.dmp

Filesize
64KB

Download
memory/4288-69-0x0000019397610000-0x0000019397620000-memory.dmp

Filesize
64KB

Download
memory/4288-72-0x00000193976D0000-0x00000193976E0000-memory.dmp

Filesize
64KB

Download
memory/4288-71-0x0000019397640000-0x0000019397650000-memory.dmp

Filesize
64KB

Download
memory/4288-70-0x0000019397620000-0x0000019397630000-memory.dmp

Filesize
64KB

Download
memory/4288-73-0x0000019395B10000-0x0000019395B11000-memory.dmp

Filesize
4KB

Download
memory/4288-75-0x0000019395B10000-0x0000019395B11000-memory.dmp

Filesize
4KB

Download
memory/4288-78-0x0000019397630000-0x0000019397640000-memory.dmp

Filesize
64KB

Download
memory/4288-79-0x00000193976E0000-0x00000193976F0000-memory.dmp

Filesize
64KB

Download
memory/4288-82-0x0000019397650000-0x0000019397660000-memory.dmp

Filesize
64KB

Download
memory/4288-83-0x00000193976F0000-0x0000019397700000-memory.dmp

Filesize
64KB

Download
memory/4288-85-0x0000019397660000-0x0000019397670000-memory.dmp

Filesize
64KB

Download
memory/4288-86-0x0000019397700000-0x0000019397710000-memory.dmp

Filesize
64KB

Download
memory/4288-88-0x0000019397670000-0x0000019397680000-memory.dmp

Filesize
64KB

Download
memory/4288-89-0x0000019397710000-0x0000019397720000-memory.dmp

Filesize
64KB

Download
memory/4288-91-0x0000019397680000-0x0000019397690000-memory.dmp

Filesize
64KB

Download
memory/4288-92-0x0000019397720000-0x0000019397730000-memory.dmp

Filesize
64KB

Download
memory/4288-99-0x0000019397740000-0x0000019397750000-memory.dmp

Filesize
64KB

Download
memory/4288-98-0x0000019397730000-0x0000019397740000-memory.dmp

Filesize
64KB

Download
memory/4288-97-0x0000019397690000-0x00000193976A0000-memory.dmp

Filesize
64KB

Download
memory/4288-119-0x00000193976A0000-0x00000193976B0000-memory.dmp

Filesize
64KB

Download
memory/4288-122-0x0000019397760000-0x0000019397770000-memory.dmp

Filesize
64KB

Download
memory/4288-121-0x00000193976B0000-0x00000193976C0000-memory.dmp

Filesize
64KB

Download
memory/4288-120-0x0000019397750000-0x0000019397760000-memory.dmp

Filesize
64KB

Download
memory/4288-125-0x00000193976C0000-0x00000193976D0000-memory.dmp

Filesize
64KB

Download
memory/4288-127-0x0000019397780000-0x0000019397790000-memory.dmp

Filesize
64KB

Download
memory/4288-126-0x0000019397770000-0x0000019397780000-memory.dmp

Filesize
64KB

Download
memory/4288-130-0x00000193976D0000-0x00000193976E0000-memory.dmp

Filesize
64KB

Download
memory/4288-131-0x0000019397790000-0x00000193977A0000-memory.dmp

Filesize
64KB

Download
memory/4288-133-0x00000193976E0000-0x00000193976F0000-memory.dmp

Filesize
64KB

Download
memory/4288-134-0x00000193977A0000-0x00000193977B0000-memory.dmp

Filesize
64KB

Download
memory/4288-135-0x0000019395B10000-0x0000019395B11000-memory.dmp

Filesize
4KB

Download
memory/4288-140-0x00000193977B0000-0x00000193977C0000-memory.dmp

Filesize
64KB

Download
memory/4288-139-0x00000193976F0000-0x0000019397700000-memory.dmp

Filesize
64KB

Download
memory/4288-149-0x00000193977C0000-0x00000193977D0000-memory.dmp

Filesize
64KB

Download
memory/4288-147-0x0000019397700000-0x0000019397710000-memory.dmp

Filesize
64KB

Download
memory/4288-151-0x00000193977E0000-0x00000193977F0000-memory.dmp

Filesize
64KB

Download
memory/4288-150-0x0000019397710000-0x0000019397720000-memory.dmp

Filesize
64KB

Download
memory/4288-158-0x0000019395B10000-0x0000019395B11000-memory.dmp

Filesize
4KB

Download
memory/4288-163-0x0000019397720000-0x0000019397730000-memory.dmp

Filesize
64KB

Download
memory/4288-164-0x00000193977F0000-0x0000019397800000-memory.dmp

Filesize
64KB

Download
memory/4288-170-0x0000019397800000-0x0000019397810000-memory.dmp

Filesize
64KB

Download
memory/4288-169-0x0000019397750000-0x0000019397760000-memory.dmp

Filesize
64KB

Download
memory/4288-168-0x0000019397740000-0x0000019397750000-memory.dmp

Filesize
64KB

Download
memory/4288-167-0x0000019397730000-0x0000019397740000-memory.dmp

Filesize
64KB

Download
memory/4288-172-0x0000019397810000-0x0000019397820000-memory.dmp

Filesize
64KB

Download
memory/4288-175-0x0000019397760000-0x0000019397770000-memory.dmp

Filesize
64KB

Download
memory/4288-176-0x0000019397820000-0x0000019397830000-memory.dmp

Filesize
64KB

Download
memory/4288-180-0x0000019397830000-0x0000019397840000-memory.dmp

Filesize
64KB

Download
memory/4288-179-0x0000019397780000-0x0000019397790000-memory.dmp

Filesize
64KB

Download
memory/4288-178-0x0000019397770000-0x0000019397780000-memory.dmp

Filesize
64KB

Download
memory/4288-183-0x0000019395B10000-0x0000019395B11000-memory.dmp

Filesize
4KB

Download
memory/4288-186-0x0000019397840000-0x0000019397850000-memory.dmp

Filesize
64KB

Download
memory/4288-185-0x0000019395B10000-0x0000019395B11000-memory.dmp

Filesize
4KB

Download
memory/4288-184-0x0000019397790000-0x00000193977A0000-memory.dmp

Filesize
64KB

Download
memory/4288-203-0x0000019395B10000-0x0000019395B11000-memory.dmp

Filesize
4KB

Download
memory/4288-204-0x0000019395B10000-0x0000019395B11000-memory.dmp

Filesize
4KB

Download
memory/4288-206-0x0000019395B10000-0x0000019395B11000-memory.dmp

Filesize
4KB

Download
memory/4288-208-0x0000019397850000-0x0000019397860000-memory.dmp

Filesize
64KB

Download
memory/4288-207-0x00000193977A0000-0x00000193977B0000-memory.dmp

Filesize
64KB

Download
memory/4288-212-0x0000019395B10000-0x0000019395B11000-memory.dmp

Filesize
4KB

Download
memory/4288-213-0x0000019397320000-0x0000019397590000-memory.dmp

Filesize
2.4MB

Download
memory/4288-228-0x0000019397670000-0x0000019397680000-memory.dmp

Filesize
64KB

Download
memory/4288-227-0x0000019397660000-0x0000019397670000-memory.dmp

Filesize
64KB

Download
memory/4288-226-0x0000019397650000-0x0000019397660000-memory.dmp

Filesize
64KB

Download
memory/4288-225-0x0000019397690000-0x00000193976A0000-memory.dmp

Filesize
64KB

Download
memory/4288-224-0x0000019397630000-0x0000019397640000-memory.dmp

Filesize
64KB

Download
memory/4288-223-0x0000019397620000-0x0000019397630000-memory.dmp

Filesize
64KB

Download
memory/4288-222-0x0000019397610000-0x0000019397620000-memory.dmp

Filesize
64KB

Download
memory/4288-221-0x0000019397600000-0x0000019397610000-memory.dmp

Filesize
64KB

Download
memory/4288-220-0x00000193975F0000-0x0000019397600000-memory.dmp

Filesize
64KB

Download
memory/4288-219-0x00000193975E0000-0x00000193975F0000-memory.dmp

Filesize
64KB

Download
memory/4288-218-0x00000193975D0000-0x00000193975E0000-memory.dmp

Filesize
64KB

Download
memory/4288-217-0x00000193975C0000-0x00000193975D0000-memory.dmp

Filesize
64KB

Download
memory/4288-216-0x00000193975B0000-0x00000193975C0000-memory.dmp

Filesize
64KB

Download
memory/4288-215-0x0000019397590000-0x00000193975A0000-memory.dmp

Filesize
64KB

Download
memory/4288-214-0x00000193975A0000-0x00000193975B0000-memory.dmp

Filesize
64KB

Download