94034255f021a3f7965cc56590d2b2581674a590d3c40c9de9ee86433bcdd8f1

Analysis

max time kernel
121s
max time network
138s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
08/09/2024, 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

config.arm64_v8a.jar
Size

27.9MB
MD5

5cb189219349b39018f996cf6e1e660b
SHA1

f4c4e5a9b81292c0758e04a823d5e19f3d634934
SHA256

2724fba338b6ccbc51aeb1f1112e11d975f62df5c2db3a3763e6693bdecf9575
SHA512

5a2386d5aefed6a5ebe880fb2ac3000fd2d082d8eb91a31f83cc96e014b50be1d4a41d98c0f50fae6d87e9612c56c03afa1b70722d38c80b1aab607089187390
SSDEEP

196608:tfa3V4nUejIiU4eXHFyKAsNF7+36f9YHjtWgHBpawQtnsPyvbuqtJKtseIJ:tcV4npI/pVyKfc3SY5WgHBpC9totseIJ

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1292	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 1292	3824	java.exe	71
PID 3824 wrote to memory of 1292	3824	java.exe	71

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\config.arm64_v8a.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
5aa5818b68638d19adfca7ff8729b702

SHA1
33672b4cae605c11fbc079e7b4aecc8075cb9654

SHA256
7591a87e8f78060db068f5338208e299d330a48f18f24b7900ab236cfefed562

SHA512
d173487899c52296d6b6e1906a29f692f61f6d874b0f5ca53c6d41dc8827b3f41bcbed9e2b926ca06fefbccaf8bb22276f593d0abe1f84f1fa0c3b000e5ed729

Download Submit
memory/3824-2-0x0000027E95330000-0x0000027E955A0000-memory.dmp

Filesize
2.4MB

Download
memory/3824-12-0x0000027E93B30000-0x0000027E93B31000-memory.dmp

Filesize
4KB

Download
memory/3824-13-0x0000027E95330000-0x0000027E955A0000-memory.dmp

Filesize
2.4MB

Download