Overview

overview

7

Static

static

3

jre/Welcome.html

windows10-1703-x64

3

jre/bin/JA...32.dll

windows10-1703-x64

3

jre/bin/JA...ge.dll

windows10-1703-x64

3

jre/bin/Ja...32.dll

windows10-1703-x64

3

jre/bin/Ja...ge.dll

windows10-1703-x64

3

jre/bin/Wi...32.dll

windows10-1703-x64

3

jre/bin/Wi...ge.dll

windows10-1703-x64

3

jre/bin/awt.dll

windows10-1703-x64

3

jre/bin/bci.dll

windows10-1703-x64

3

jre/bin/cl...vm.dll

windows10-1703-x64

3

jre/bin/dcpr.dll

windows10-1703-x64

3

jre/bin/de...se.dll

windows10-1703-x64

3

jre/bin/deploy.dll

windows10-1703-x64

3

jre/bin/dt_shmem.dll

windows10-1703-x64

3

jre/bin/dt_socket.dll

windows10-1703-x64

3

jre/bin/dt...a1.dll

windows10-1703-x64

3

jre/bin/dt...a1.dll

windows10-1703-x64

3

jre/bin/eula.dll

windows10-1703-x64

3

jre/bin/fo...er.dll

windows10-1703-x64

3

jre/bin/fxplugins.dll

windows10-1703-x64

3

jre/bin/glass.dll

windows10-1703-x64

3

jre/bin/glib-lite.dll

windows10-1703-x64

3

jre/bin/gs...te.dll

windows10-1703-x64

3

jre/bin/hprof.dll

windows10-1703-x64

3

jre/bin/in...nt.dll

windows10-1703-x64

3

jre/bin/j2pcsc.dll

windows10-1703-x64

3

jre/bin/j2pkcs11.dll

windows10-1703-x64

3

jre/bin/jaas_nt.dll

windows10-1703-x64

3

jre/bin/jabswitch.exe

windows10-1703-x64

3

jre/lib/javaws.jar

windows10-1703-x64

7

jre/lib/jce.jar

windows10-1703-x64

7

jre/lib/jfr.jar

windows10-1703-x64

7

Analysis

  • max time kernel
    191s
  • max time network
    271s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29-08-2024 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jre/lib/jfr.jar

  • Size

    547KB

  • MD5

    ccb395235c35c3acba592b21138cc6ab

  • SHA1

    29c463aa4780f13e77fb08cc151f68ca2b2958d5

  • SHA256

    27ad8ea5192ee2d91ba7a0eace9843cb19f5e145259466158c2f48c971eb7b8f

  • SHA512

    d4c330741387f62dd6e52b41167cb11abd8615675fe7e1c14ae05a52f87a348cbc64b56866ae313b2906b33ce98be73681f769a4a54f6fe9a7d056f88cf9a4e1

  • SSDEEP

    12288:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f/m5NwaHkSIJHvWQ6Q7ooMcgH5lY7TQ5cD:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f3

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\jre\lib\jfr.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:64
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    1cb5dc74c1f7dd2bf7e9d114d81833db

    SHA1

    069bac7238dcd39a2b193d0b747336c11ccfb18c

    SHA256

    c7abd25ed425f5b3b356bc1c9c9531ef9885282e4ca474b0e728ddc3ba1cb4ed

    SHA512

    89cad5ffc75ab93ab12fe511d952e37d0108e41e900500cb7e54ad75cdf19fffeb663d29682a7b54d89238ac6b36d0f554707c37229ac8b2f4b47a4b1765c70d

    Download Submit

  • memory/64-2-0x0000015D9BB10000-0x0000015D9BD80000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/64-12-0x0000015D9A340000-0x0000015D9A341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/64-13-0x0000015D9BB10000-0x0000015D9BD80000-memory.dmp

    Filesize

    2.4MB

    Download