c265f04f075e27e91611d7e88119823702801684bf39e48ca5c0a2232f994ece

Analysis

max time kernel
145s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/03/2025, 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sorillus/Start.bat
Size

60B
MD5

70c54cd2b9eaaab7ee387b2fa0c0fb4a
SHA1

7b16e52597dd6c3bab3880a1ed3da030667802e7
SHA256

14748fda6836b077a0301788791753013e3a85f0a41b721c1d874c3f75140066
SHA512

20693336461355b51abdc62f674b03bf6d29c73101dcbc775692f60d185d84554d60b7f0467901f1923da0f66e508afea72165eae86f0fa477a372ffe492dc6c

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2760	java.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2776	icacls.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2760	java.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2760	3012	cmd.exe	31
PID 3012 wrote to memory of 2760	3012	cmd.exe	31
PID 3012 wrote to memory of 2760	3012	cmd.exe	31
PID 2760 wrote to memory of 2776	2760	java.exe	32
PID 2760 wrote to memory of 2776	2760	java.exe	32
PID 2760 wrote to memory of 2776	2760	java.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Sorillus\Start.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\Sorillus\jre1.8.0_361\bin\java.exe
  jre1.8.0_361\bin\java.exe -jar -noverify Sorillas.jar
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3ab94211edccf47a.timestamp

Filesize
72B

MD5
cc72f31a5ed072ead6440a25f4b7a86a

SHA1
5125a5501e3099bc61c22f4e89e7deb56d040c2f

SHA256
fb3b76880bc30bd80f75a533a24ab8c5b27c1dcf200d55bbf1f80d46043370c0

SHA512
1606362617ae75435ad5ea2aadd68a21a4fc65484804df4c1bc1b7349da33aed65a06851df8845df317e80a60ef0ffb429276949f82a41401a3f92edfb933d1d

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF14475983763836510.tmp

Filesize
52KB

MD5
de2d73ffb31b036a481049751970e2ca

SHA1
5c26b381aa54a3336729cbaf4281620e03c34873

SHA256
5afafd11dad40cc06023a6a5c1a6793b1cb55720314a18d4352879d6214b014e

SHA512
f19bda9d9f355dab1ae3846c5e3a6535e59c529d0efe6204dd54000f3e088cf94099a1ccab94c0fadf7631385b94ca8c667f76c0556066ea49f06b2ac1479adb

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF2810452305163762101.tmp

Filesize
217KB

MD5
1bf71be111189e76987a4bb9b3115cb7

SHA1
40442c189568184b6e6c27a25d69f14d91b65039

SHA256
cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424

SHA512
cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF8767023561451548804.tmp

Filesize
164KB

MD5
8a36205bd9b83e03af0591a004bc97f4

SHA1
56c5c0d38bde4c1f1549dda43db37b09c608aad3

SHA256
4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14

SHA512
e96b43b0ca3fd7775d75a702f44cd1b0dfd325e1db317f7cba84efdf572571fe7594068f9132a937251aab8bd1f68783213677d4953aca197195fbe5db1f90d7

Download Submit
\Users\Admin\Sorillus\.tmp\slfxblur4957881958584812136.dll

Filesize
14KB

MD5
7d98ecc5e5bc1b00731df7bd0c851abd

SHA1
15e4408f7d94b65c515b646d2e5953314b0e17c6

SHA256
fd7bf95651d114ff200322162e7b71f5090bb8632b506d45f8ea65bb0854635d

SHA512
d1b071e0a36cb2e94811fe49b7934ad9c66f3b03231c79d78a38bb31d486bbc1bcfee7fbac1ae617705165396bfad93f8d547d96300f1d9cfecbd03cb24bb569

Download Submit
memory/2760-123-0x0000000002A30000-0x0000000002A40000-memory.dmp

Filesize
64KB

Download
memory/2760-77-0x0000000002950000-0x0000000002960000-memory.dmp

Filesize
64KB

Download
memory/2760-16-0x0000000000290000-0x000000000029A000-memory.dmp

Filesize
40KB

Download
memory/2760-14-0x0000000000290000-0x000000000029A000-memory.dmp

Filesize
40KB

Download
memory/2760-13-0x0000000000290000-0x000000000029A000-memory.dmp

Filesize
40KB

Download
memory/2760-22-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2760-23-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2760-27-0x00000000028C0000-0x00000000028D0000-memory.dmp

Filesize
64KB

Download
memory/2760-28-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/2760-29-0x00000000028D0000-0x00000000028E0000-memory.dmp

Filesize
64KB

Download
memory/2760-31-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/2760-64-0x0000000002910000-0x0000000002920000-memory.dmp

Filesize
64KB

Download
memory/2760-62-0x0000000002900000-0x0000000002910000-memory.dmp

Filesize
64KB

Download
memory/2760-65-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2760-67-0x0000000002920000-0x0000000002930000-memory.dmp

Filesize
64KB

Download
memory/2760-69-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/2760-71-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2760-73-0x0000000002940000-0x0000000002950000-memory.dmp

Filesize
64KB

Download
memory/2760-72-0x0000000002650000-0x00000000028C0000-memory.dmp

Filesize
2.4MB

Download
memory/2760-127-0x0000000002A40000-0x0000000002A50000-memory.dmp

Filesize
64KB

Download
memory/2760-76-0x0000000000290000-0x000000000029A000-memory.dmp

Filesize
40KB

Download
memory/2760-80-0x0000000002960000-0x0000000002970000-memory.dmp

Filesize
64KB

Download
memory/2760-79-0x00000000028C0000-0x00000000028D0000-memory.dmp

Filesize
64KB

Download
memory/2760-82-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/2760-83-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/2760-85-0x00000000028D0000-0x00000000028E0000-memory.dmp

Filesize
64KB

Download
memory/2760-86-0x0000000002980000-0x0000000002990000-memory.dmp

Filesize
64KB

Download
memory/2760-88-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/2760-89-0x0000000002990000-0x00000000029A0000-memory.dmp

Filesize
64KB

Download
memory/2760-92-0x0000000002900000-0x0000000002910000-memory.dmp

Filesize
64KB

Download
memory/2760-93-0x00000000029A0000-0x00000000029B0000-memory.dmp

Filesize
64KB

Download
memory/2760-95-0x0000000002910000-0x0000000002920000-memory.dmp

Filesize
64KB

Download
memory/2760-96-0x00000000029B0000-0x00000000029C0000-memory.dmp

Filesize
64KB

Download
memory/2760-99-0x00000000029C0000-0x00000000029D0000-memory.dmp

Filesize
64KB

Download
memory/2760-98-0x0000000002920000-0x0000000002930000-memory.dmp

Filesize
64KB

Download
memory/2760-101-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/2760-122-0x0000000002990000-0x00000000029A0000-memory.dmp

Filesize
64KB

Download
memory/2760-105-0x0000000002940000-0x0000000002950000-memory.dmp

Filesize
64KB

Download
memory/2760-106-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/2760-108-0x0000000002950000-0x0000000002960000-memory.dmp

Filesize
64KB

Download
memory/2760-109-0x00000000029F0000-0x0000000002A00000-memory.dmp

Filesize
64KB

Download
memory/2760-111-0x0000000002960000-0x0000000002970000-memory.dmp

Filesize
64KB

Download
memory/2760-112-0x0000000002A00000-0x0000000002A10000-memory.dmp

Filesize
64KB

Download
memory/2760-114-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/2760-115-0x0000000002A10000-0x0000000002A20000-memory.dmp

Filesize
64KB

Download
memory/2760-119-0x0000000002980000-0x0000000002990000-memory.dmp

Filesize
64KB

Download
memory/2760-120-0x0000000002A20000-0x0000000002A30000-memory.dmp

Filesize
64KB

Download
memory/2760-2-0x0000000002650000-0x00000000028C0000-memory.dmp

Filesize
2.4MB

Download
memory/2760-102-0x00000000029D0000-0x00000000029E0000-memory.dmp

Filesize
64KB

Download
memory/2760-15-0x0000000000290000-0x000000000029A000-memory.dmp

Filesize
40KB

Download
memory/2760-198-0x0000000002AE0000-0x0000000002AF0000-memory.dmp

Filesize
64KB

Download
memory/2760-129-0x00000000029B0000-0x00000000029C0000-memory.dmp

Filesize
64KB

Download
memory/2760-130-0x0000000002A50000-0x0000000002A60000-memory.dmp

Filesize
64KB

Download
memory/2760-132-0x00000000029C0000-0x00000000029D0000-memory.dmp

Filesize
64KB

Download
memory/2760-133-0x0000000002A60000-0x0000000002A70000-memory.dmp

Filesize
64KB

Download
memory/2760-136-0x0000000002A70000-0x0000000002A80000-memory.dmp

Filesize
64KB

Download
memory/2760-135-0x00000000029D0000-0x00000000029E0000-memory.dmp

Filesize
64KB

Download
memory/2760-140-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/2760-141-0x0000000002A80000-0x0000000002A90000-memory.dmp

Filesize
64KB

Download
memory/2760-145-0x0000000002A90000-0x0000000002AA0000-memory.dmp

Filesize
64KB

Download
memory/2760-144-0x00000000029F0000-0x0000000002A00000-memory.dmp

Filesize
64KB

Download
memory/2760-148-0x0000000002A00000-0x0000000002A10000-memory.dmp

Filesize
64KB

Download
memory/2760-152-0x0000000002AB0000-0x0000000002AC0000-memory.dmp

Filesize
64KB

Download
memory/2760-151-0x0000000002A10000-0x0000000002A20000-memory.dmp

Filesize
64KB

Download
memory/2760-149-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

Filesize
64KB

Download
memory/2760-154-0x0000000002A20000-0x0000000002A30000-memory.dmp

Filesize
64KB

Download
memory/2760-155-0x0000000002AC0000-0x0000000002AD0000-memory.dmp

Filesize
64KB

Download
memory/2760-158-0x0000000002AD0000-0x0000000002AE0000-memory.dmp

Filesize
64KB

Download
memory/2760-157-0x0000000002A30000-0x0000000002A40000-memory.dmp

Filesize
64KB

Download
memory/2760-162-0x0000000002A40000-0x0000000002A50000-memory.dmp

Filesize
64KB

Download
memory/2760-163-0x0000000002AE0000-0x0000000002AF0000-memory.dmp

Filesize
64KB

Download
memory/2760-166-0x0000000002A50000-0x0000000002A60000-memory.dmp

Filesize
64KB

Download
memory/2760-167-0x0000000002AF0000-0x0000000002B00000-memory.dmp

Filesize
64KB

Download
memory/2760-176-0x0000000002A70000-0x0000000002A80000-memory.dmp

Filesize
64KB

Download
memory/2760-175-0x0000000002B20000-0x0000000002B30000-memory.dmp

Filesize
64KB

Download
memory/2760-173-0x0000000002B10000-0x0000000002B20000-memory.dmp

Filesize
64KB

Download
memory/2760-172-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/2760-171-0x0000000002A60000-0x0000000002A70000-memory.dmp

Filesize
64KB

Download
memory/2760-180-0x0000000002B30000-0x0000000002B40000-memory.dmp

Filesize
64KB

Download
memory/2760-179-0x0000000002A80000-0x0000000002A90000-memory.dmp

Filesize
64KB

Download
memory/2760-182-0x0000000002A90000-0x0000000002AA0000-memory.dmp

Filesize
64KB

Download
memory/2760-183-0x0000000002B40000-0x0000000002B50000-memory.dmp

Filesize
64KB

Download
memory/2760-185-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

Filesize
64KB

Download
memory/2760-186-0x0000000002B50000-0x0000000002B60000-memory.dmp

Filesize
64KB

Download
memory/2760-188-0x0000000002AB0000-0x0000000002AC0000-memory.dmp

Filesize
64KB

Download
memory/2760-189-0x0000000002B60000-0x0000000002B70000-memory.dmp

Filesize
64KB

Download
memory/2760-193-0x0000000002B70000-0x0000000002B80000-memory.dmp

Filesize
64KB

Download
memory/2760-191-0x0000000002AC0000-0x0000000002AD0000-memory.dmp

Filesize
64KB

Download
memory/2760-195-0x0000000002AD0000-0x0000000002AE0000-memory.dmp

Filesize
64KB

Download
memory/2760-196-0x0000000002B80000-0x0000000002B90000-memory.dmp

Filesize
64KB

Download
memory/2760-201-0x0000000002AF0000-0x0000000002B00000-memory.dmp

Filesize
64KB

Download
memory/2760-199-0x0000000002B90000-0x0000000002BA0000-memory.dmp

Filesize
64KB

Download
memory/2760-126-0x00000000029A0000-0x00000000029B0000-memory.dmp

Filesize
64KB

Download
memory/2760-207-0x0000000002BB0000-0x0000000002BC0000-memory.dmp

Filesize
64KB

Download
memory/2760-206-0x0000000002B20000-0x0000000002B30000-memory.dmp

Filesize
64KB

Download
memory/2760-205-0x0000000002B10000-0x0000000002B20000-memory.dmp

Filesize
64KB

Download
memory/2760-204-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/2760-202-0x0000000002BA0000-0x0000000002BB0000-memory.dmp

Filesize
64KB

Download
memory/2760-331-0x0000000002B30000-0x0000000002B40000-memory.dmp

Filesize
64KB

Download
memory/2760-334-0x0000000002B40000-0x0000000002B50000-memory.dmp

Filesize
64KB

Download