b50bbb4b93fd8ef7a2876b3743dfda6945e9011f406e71b41897244b0b836467

Analysis

max time kernel
123s
max time network
136s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10-08-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

087a3b87252a021f6f3696f496d4fd890f28fc31735d8f850aa1184ed7bf59c9.jar
Size

275KB
MD5

37d9c9c214040d54e8d7219b851ca3f2
SHA1

ea8f7ea6f0e3dd53d06c8fc4b7a956ec0642051f
SHA256

087a3b87252a021f6f3696f496d4fd890f28fc31735d8f850aa1184ed7bf59c9
SHA512

668b42f6f187232bdccf65714904d5e0e64ac792d7264262dc50fe4d5e42149b3b433a5020c0c2460c8ee4e4df4b33122545319c352ceee1577be09cf3b4530e
SSDEEP

384:jx+mssvoys0HC4bKgOA1lZJXk0oHA/lpk7TcADrKL1VR3Im:jjs+aoCPbA1rJXuH+2EADrcd3

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowsdef.jar	java.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowsdep.jar	java.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2756	icacls.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
1324	tasklist.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	java.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4060	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1324	tasklist.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5028	java.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 2756	5028	java.exe	75
PID 5028 wrote to memory of 2756	5028	java.exe	75
PID 5028 wrote to memory of 1324	5028	java.exe	77
PID 5028 wrote to memory of 1324	5028	java.exe	77
PID 5028 wrote to memory of 4060	5028	java.exe	80
PID 5028 wrote to memory of 4060	5028	java.exe	80
PID 5028 wrote to memory of 3544	5028	java.exe	81
PID 5028 wrote to memory of 3544	5028	java.exe	81

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\087a3b87252a021f6f3696f496d4fd890f28fc31735d8f850aa1184ed7bf59c9.jar
1⤵
- Drops startup file
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2756
- C:\Windows\SYSTEM32\tasklist.exe
  tasklist.exe
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1324
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Microsoft\087a3b87252a021f6f3696f496d4fd890f28fc31735d8f850aa1184ed7bf59c9.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4060
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -jar C:\Users\Admin\AppData\Roaming\Microsoft\res.jar
  2⤵
  PID:3544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Process Discovery

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
5110c466ad9db869e9c3fc058f67326d

SHA1
7d7fd7e97b9a92b8c188b2a1d2e454cdabd293fd

SHA256
46b072c3d27bb1d9f4e94530996bba84c7391642f44791bf6ff503e3a0949c9e

SHA512
8546f70bd203025e6bc5588ef66c9c112e5513da25bf0ebecb8d55556ca0f36e3904ceb711e66dcd9b7e00dbbd8b1eb871452adc0240efe38667bf6fc94bf6b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\neft2.txt

Filesize
810B

MD5
acc02978471f658a75a3f6a4fd9353b0

SHA1
31eb221afcd84963f70c98f23a6d292a225d9b8d

SHA256
7690ec61aba7496ddda1aa248510d99dee886ead9479ff1d1e1b93c682d7922a

SHA512
9efa955528a869d66f8a8e408340606456d7da7a5578a92e37195d709b5829d307d98cb1488bacd786f94cb5a9dcc8cf63fcae2140599da0f4fdabd4204a30b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\res.jar

Filesize
525KB

MD5
cdb982565c7abd0cd6840eb53d7090de

SHA1
a986486e425f78576083820baed5567ff68992f5

SHA256
7c85bc4dfad7e620ca79fe79804e83fec0233f2432639cd02ccb3dbe1f8cef72

SHA512
26f641a18683820ccd8771d6bff0f03bfc15bbf21c2ea18ee450d28d2461a4fd5b5bd81b985c0129160d568d316a040831d886a6cc2f29901526b74afc54cddf

Download Submit
memory/3544-188-0x000001F935730000-0x000001F935731000-memory.dmp

Filesize
4KB

Download
memory/5028-2-0x000001BEEC7C0000-0x000001BEECA30000-memory.dmp

Filesize
2.4MB

Download
memory/5028-14-0x000001BEECA30000-0x000001BEECA40000-memory.dmp

Filesize
64KB

Download
memory/5028-15-0x000001BEECA40000-0x000001BEECA50000-memory.dmp

Filesize
64KB

Download
memory/5028-16-0x000001BEEC7A0000-0x000001BEEC7A1000-memory.dmp

Filesize
4KB

Download
memory/5028-18-0x000001BEECA50000-0x000001BEECA60000-memory.dmp

Filesize
64KB

Download
memory/5028-21-0x000001BEECA60000-0x000001BEECA70000-memory.dmp

Filesize
64KB

Download
memory/5028-23-0x000001BEECA70000-0x000001BEECA80000-memory.dmp

Filesize
64KB

Download
memory/5028-25-0x000001BEECA80000-0x000001BEECA90000-memory.dmp

Filesize
64KB

Download
memory/5028-26-0x000001BEECA90000-0x000001BEECAA0000-memory.dmp

Filesize
64KB

Download
memory/5028-29-0x000001BEECAA0000-0x000001BEECAB0000-memory.dmp

Filesize
64KB

Download
memory/5028-30-0x000001BEECAB0000-0x000001BEECAC0000-memory.dmp

Filesize
64KB

Download
memory/5028-33-0x000001BEECAC0000-0x000001BEECAD0000-memory.dmp

Filesize
64KB

Download
memory/5028-36-0x000001BEEC7C0000-0x000001BEECA30000-memory.dmp

Filesize
2.4MB

Download
memory/5028-41-0x000001BEECA40000-0x000001BEECA50000-memory.dmp

Filesize
64KB

Download
memory/5028-40-0x000001BEECA30000-0x000001BEECA40000-memory.dmp

Filesize
64KB

Download
memory/5028-39-0x000001BEECAF0000-0x000001BEECB00000-memory.dmp

Filesize
64KB

Download
memory/5028-38-0x000001BEECAE0000-0x000001BEECAF0000-memory.dmp

Filesize
64KB

Download
memory/5028-37-0x000001BEECAD0000-0x000001BEECAE0000-memory.dmp

Filesize
64KB

Download
memory/5028-43-0x000001BEECA50000-0x000001BEECA60000-memory.dmp

Filesize
64KB

Download
memory/5028-44-0x000001BEECB00000-0x000001BEECB10000-memory.dmp

Filesize
64KB

Download
memory/5028-47-0x000001BEECA60000-0x000001BEECA70000-memory.dmp

Filesize
64KB

Download
memory/5028-50-0x000001BEECA70000-0x000001BEECA80000-memory.dmp

Filesize
64KB

Download
memory/5028-49-0x000001BEECB20000-0x000001BEECB30000-memory.dmp

Filesize
64KB

Download
memory/5028-48-0x000001BEECB10000-0x000001BEECB20000-memory.dmp

Filesize
64KB

Download
memory/5028-54-0x000001BEECB30000-0x000001BEECB40000-memory.dmp

Filesize
64KB

Download
memory/5028-53-0x000001BEECA80000-0x000001BEECA90000-memory.dmp

Filesize
64KB

Download
memory/5028-56-0x000001BEECB40000-0x000001BEECB50000-memory.dmp

Filesize
64KB

Download
memory/5028-55-0x000001BEECA90000-0x000001BEECAA0000-memory.dmp

Filesize
64KB

Download
memory/5028-60-0x000001BEECAA0000-0x000001BEECAB0000-memory.dmp

Filesize
64KB

Download
memory/5028-61-0x000001BEECB50000-0x000001BEECB60000-memory.dmp

Filesize
64KB

Download
memory/5028-67-0x000001BEECB60000-0x000001BEECB70000-memory.dmp

Filesize
64KB

Download
memory/5028-66-0x000001BEECAB0000-0x000001BEECAC0000-memory.dmp

Filesize
64KB

Download
memory/5028-71-0x000001BEECAC0000-0x000001BEECAD0000-memory.dmp

Filesize
64KB

Download
memory/5028-73-0x000001BEECAD0000-0x000001BEECAE0000-memory.dmp

Filesize
64KB

Download
memory/5028-75-0x000001BEECB80000-0x000001BEECB90000-memory.dmp

Filesize
64KB

Download
memory/5028-74-0x000001BEECAE0000-0x000001BEECAF0000-memory.dmp

Filesize
64KB

Download
memory/5028-72-0x000001BEECB70000-0x000001BEECB80000-memory.dmp

Filesize
64KB

Download
memory/5028-78-0x000001BEECAF0000-0x000001BEECB00000-memory.dmp

Filesize
64KB

Download
memory/5028-79-0x000001BEECB90000-0x000001BEECBA0000-memory.dmp

Filesize
64KB

Download
memory/5028-81-0x000001BEECBA0000-0x000001BEECBB0000-memory.dmp

Filesize
64KB

Download
memory/5028-80-0x000001BEECB00000-0x000001BEECB10000-memory.dmp

Filesize
64KB

Download
memory/5028-85-0x000001BEECBB0000-0x000001BEECBC0000-memory.dmp

Filesize
64KB

Download
memory/5028-84-0x000001BEECB10000-0x000001BEECB20000-memory.dmp

Filesize
64KB

Download
memory/5028-86-0x000001BEECB20000-0x000001BEECB30000-memory.dmp

Filesize
64KB

Download
memory/5028-87-0x000001BEECBC0000-0x000001BEECBD0000-memory.dmp

Filesize
64KB

Download
memory/5028-89-0x000001BEEC7A0000-0x000001BEEC7A1000-memory.dmp

Filesize
4KB

Download
memory/5028-104-0x000001BEECBD0000-0x000001BEECBE0000-memory.dmp

Filesize
64KB

Download
memory/5028-103-0x000001BEECB30000-0x000001BEECB40000-memory.dmp

Filesize
64KB

Download
memory/5028-108-0x000001BEEC7A0000-0x000001BEEC7A1000-memory.dmp

Filesize
4KB

Download
memory/5028-110-0x000001BEEC7A0000-0x000001BEEC7A1000-memory.dmp

Filesize
4KB

Download
memory/5028-111-0x000001BEECB40000-0x000001BEECB50000-memory.dmp

Filesize
64KB

Download
memory/5028-114-0x000001BEECB50000-0x000001BEECB60000-memory.dmp

Filesize
64KB

Download
memory/5028-115-0x000001BEEC7A0000-0x000001BEEC7A1000-memory.dmp

Filesize
4KB

Download
memory/5028-119-0x000001BEECB70000-0x000001BEECB80000-memory.dmp

Filesize
64KB

Download
memory/5028-118-0x000001BEECB60000-0x000001BEECB70000-memory.dmp

Filesize
64KB

Download
memory/5028-123-0x000001BEEC7A0000-0x000001BEEC7A1000-memory.dmp

Filesize
4KB

Download
memory/5028-126-0x000001BEECB80000-0x000001BEECB90000-memory.dmp

Filesize
64KB

Download
memory/5028-128-0x000001BEECB90000-0x000001BEECBA0000-memory.dmp

Filesize
64KB

Download
memory/5028-129-0x000001BEECBA0000-0x000001BEECBB0000-memory.dmp

Filesize
64KB

Download
memory/5028-131-0x000001BEECBB0000-0x000001BEECBC0000-memory.dmp

Filesize
64KB

Download
memory/5028-132-0x000001BEECBC0000-0x000001BEECBD0000-memory.dmp

Filesize
64KB

Download
memory/5028-133-0x000001BEECBD0000-0x000001BEECBE0000-memory.dmp

Filesize
64KB

Download
memory/5028-142-0x000001BEEC7A0000-0x000001BEEC7A1000-memory.dmp

Filesize
4KB

Download
memory/5028-180-0x000001BEECB70000-0x000001BEECB80000-memory.dmp

Filesize
64KB

Download
memory/5028-157-0x000001BEEC7A0000-0x000001BEEC7A1000-memory.dmp

Filesize
4KB

Download
memory/5028-179-0x000001BEECB80000-0x000001BEECB90000-memory.dmp

Filesize
64KB

Download
memory/5028-185-0x000001BEECBD0000-0x000001BEECBE0000-memory.dmp

Filesize
64KB

Download
memory/5028-184-0x000001BEECBC0000-0x000001BEECBD0000-memory.dmp

Filesize
64KB

Download
memory/5028-183-0x000001BEECBB0000-0x000001BEECBC0000-memory.dmp

Filesize
64KB

Download
memory/5028-182-0x000001BEECBA0000-0x000001BEECBB0000-memory.dmp

Filesize
64KB

Download
memory/5028-181-0x000001BEECB90000-0x000001BEECBA0000-memory.dmp

Filesize
64KB

Download
memory/5028-178-0x000001BEECB60000-0x000001BEECB70000-memory.dmp

Filesize
64KB

Download
memory/5028-177-0x000001BEECB50000-0x000001BEECB60000-memory.dmp

Filesize
64KB

Download
memory/5028-176-0x000001BEECB40000-0x000001BEECB50000-memory.dmp

Filesize
64KB

Download
memory/5028-175-0x000001BEECB30000-0x000001BEECB40000-memory.dmp

Filesize
64KB

Download
memory/5028-174-0x000001BEECA60000-0x000001BEECA70000-memory.dmp

Filesize
64KB

Download
memory/5028-173-0x000001BEECB10000-0x000001BEECB20000-memory.dmp

Filesize
64KB

Download
memory/5028-172-0x000001BEECB00000-0x000001BEECB10000-memory.dmp

Filesize
64KB

Download
memory/5028-171-0x000001BEEC7C0000-0x000001BEECA30000-memory.dmp

Filesize
2.4MB

Download
memory/5028-170-0x000001BEECAE0000-0x000001BEECAF0000-memory.dmp

Filesize
64KB

Download
memory/5028-169-0x000001BEECAD0000-0x000001BEECAE0000-memory.dmp

Filesize
64KB

Download
memory/5028-168-0x000001BEECAC0000-0x000001BEECAD0000-memory.dmp

Filesize
64KB

Download
memory/5028-167-0x000001BEECAB0000-0x000001BEECAC0000-memory.dmp

Filesize
64KB

Download
memory/5028-166-0x000001BEECAA0000-0x000001BEECAB0000-memory.dmp

Filesize
64KB

Download
memory/5028-165-0x000001BEECA90000-0x000001BEECAA0000-memory.dmp

Filesize
64KB

Download
memory/5028-164-0x000001BEECA80000-0x000001BEECA90000-memory.dmp

Filesize
64KB

Download
memory/5028-163-0x000001BEECA70000-0x000001BEECA80000-memory.dmp

Filesize
64KB

Download
memory/5028-162-0x000001BEECB20000-0x000001BEECB30000-memory.dmp

Filesize
64KB

Download
memory/5028-161-0x000001BEECA50000-0x000001BEECA60000-memory.dmp

Filesize
64KB

Download
memory/5028-160-0x000001BEECA40000-0x000001BEECA50000-memory.dmp

Filesize
64KB

Download
memory/5028-159-0x000001BEECA30000-0x000001BEECA40000-memory.dmp

Filesize
64KB

Download
memory/5028-158-0x000001BEECAF0000-0x000001BEECB00000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads