ddb8ab6024abb8a8dc188247bcb27a3cfd861df8cfad88e1701f9aff393fad6d

Analysis

max time kernel
62s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ddb8ab6024abb8a8dc188247bcb27a3cfd861df8cfad88e1701f9aff393fad6d.jar
Size

203KB
MD5

a6f43b2134782c1aaa5c63416fdd25c0
SHA1

73a1b9f1fef45be979408c04b01d47544f628d88
SHA256

ddb8ab6024abb8a8dc188247bcb27a3cfd861df8cfad88e1701f9aff393fad6d
SHA512

27c86a3b4d1f5fd35a7a21e17406ab42bf52749edca01d72df869226ad2d4e9fb6666d4c85f32d2b9f0e035e0a3de49f455dd6035a303473cf66d3f49bb648ef
SSDEEP

3072:xVh9Cg5sLqdelU7IryxdfdIqrIfCpYIJk4uVY+jqtoqzhLTBsWdTyw9i:3/aqdJ78y1EfCpYIqNOjfzh3WWdTNi

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4916 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 4712 wrote to memory of 4916 4712 java.exe icacls.exe
PID 4712 wrote to memory of 4916 4712 java.exe icacls.exe

pid	process
4916	icacls.exe

description	pid	process	target process
PID 4712 wrote to memory of 4916	4712	java.exe	icacls.exe
PID 4712 wrote to memory of 4916	4712	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\ddb8ab6024abb8a8dc188247bcb27a3cfd861df8cfad88e1701f9aff393fad6d.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4712

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:4916

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
49deab8fd4b35a4b6019f5cc4b86723b

SHA1
6dc2612936b7c9c26fee77a2a75dd870c6d8cd12

SHA256
d9f11ddb12ea66469bd70358b5c93439bbfd8faf284cd7700e7fcd9c1a1e4b80

SHA512
3ad0176c35ee389c6037e9e0e80bd2b46328b06c387f1e35a8c22cf40cf03f21e99e4a103b4edb83bec932f475897bb1e647e519d9ccd5512540b21d862e32cd

Download Submit
memory/4712-2-0x000001BE1BA50000-0x000001BE1BCC0000-memory.dmp

Filesize
2.4MB

Download
memory/4712-16-0x000001BE1BCD0000-0x000001BE1BCE0000-memory.dmp

Filesize
64KB

Download
memory/4712-15-0x000001BE1BCC0000-0x000001BE1BCD0000-memory.dmp

Filesize
64KB

Download
memory/4712-18-0x000001BE1BCE0000-0x000001BE1BCF0000-memory.dmp

Filesize
64KB

Download
memory/4712-19-0x000001BE1BCF0000-0x000001BE1BD00000-memory.dmp

Filesize
64KB

Download
memory/4712-25-0x000001BE1BD20000-0x000001BE1BD30000-memory.dmp

Filesize
64KB

Download
memory/4712-24-0x000001BE1BD10000-0x000001BE1BD20000-memory.dmp

Filesize
64KB

Download
memory/4712-23-0x000001BE1BD00000-0x000001BE1BD10000-memory.dmp

Filesize
64KB

Download
memory/4712-27-0x000001BE1BD30000-0x000001BE1BD40000-memory.dmp

Filesize
64KB

Download
memory/4712-30-0x000001BE1BD40000-0x000001BE1BD50000-memory.dmp

Filesize
64KB

Download
memory/4712-35-0x000001BE1BD50000-0x000001BE1BD60000-memory.dmp

Filesize
64KB

Download
memory/4712-37-0x000001BE1A160000-0x000001BE1A161000-memory.dmp

Filesize
4KB

Download
memory/4712-40-0x000001BE1BD70000-0x000001BE1BD80000-memory.dmp

Filesize
64KB

Download
memory/4712-39-0x000001BE1BD60000-0x000001BE1BD70000-memory.dmp

Filesize
64KB

Download
memory/4712-42-0x000001BE1BD80000-0x000001BE1BD90000-memory.dmp

Filesize
64KB

Download
memory/4712-44-0x000001BE1BD90000-0x000001BE1BDA0000-memory.dmp

Filesize
64KB

Download
memory/4712-48-0x000001BE1BA50000-0x000001BE1BCC0000-memory.dmp

Filesize
2.4MB

Download
memory/4712-53-0x000001BE1BCD0000-0x000001BE1BCE0000-memory.dmp

Filesize
64KB

Download
memory/4712-52-0x000001BE1BCC0000-0x000001BE1BCD0000-memory.dmp

Filesize
64KB

Download
memory/4712-51-0x000001BE1BDB0000-0x000001BE1BDC0000-memory.dmp

Filesize
64KB

Download
memory/4712-50-0x000001BE1BDC0000-0x000001BE1BDD0000-memory.dmp

Filesize
64KB

Download
memory/4712-49-0x000001BE1BDA0000-0x000001BE1BDB0000-memory.dmp

Filesize
64KB

Download
memory/4712-59-0x000001BE1BDD0000-0x000001BE1BDE0000-memory.dmp

Filesize
64KB

Download
memory/4712-60-0x000001BE1BDE0000-0x000001BE1BDF0000-memory.dmp

Filesize
64KB

Download
memory/4712-58-0x000001BE1BCF0000-0x000001BE1BD00000-memory.dmp

Filesize
64KB

Download
memory/4712-57-0x000001BE1BCE0000-0x000001BE1BCF0000-memory.dmp

Filesize
64KB

Download
memory/4712-63-0x000001BE1BD00000-0x000001BE1BD10000-memory.dmp

Filesize
64KB

Download
memory/4712-65-0x000001BE1BD20000-0x000001BE1BD30000-memory.dmp

Filesize
64KB

Download
memory/4712-64-0x000001BE1BD10000-0x000001BE1BD20000-memory.dmp

Filesize
64KB

Download
memory/4712-67-0x000001BE1BD30000-0x000001BE1BD40000-memory.dmp

Filesize
64KB

Download
memory/4712-68-0x000001BE1BD40000-0x000001BE1BD50000-memory.dmp

Filesize
64KB

Download
memory/4712-69-0x000001BE1BD50000-0x000001BE1BD60000-memory.dmp

Filesize
64KB

Download
memory/4712-71-0x000001BE1BD60000-0x000001BE1BD70000-memory.dmp

Filesize
64KB

Download
memory/4712-72-0x000001BE1BD70000-0x000001BE1BD80000-memory.dmp

Filesize
64KB

Download
memory/4712-73-0x000001BE1BD80000-0x000001BE1BD90000-memory.dmp

Filesize
64KB

Download
memory/4712-74-0x000001BE1BDF0000-0x000001BE1BE00000-memory.dmp

Filesize
64KB

Download
memory/4712-77-0x000001BE1BE00000-0x000001BE1BE10000-memory.dmp

Filesize
64KB

Download
memory/4712-76-0x000001BE1BD90000-0x000001BE1BDA0000-memory.dmp

Filesize
64KB

Download
memory/4712-80-0x000001BE1BDC0000-0x000001BE1BDD0000-memory.dmp

Filesize
64KB

Download
memory/4712-81-0x000001BE1BE10000-0x000001BE1BE20000-memory.dmp

Filesize
64KB

Download
memory/4712-79-0x000001BE1BDA0000-0x000001BE1BDB0000-memory.dmp

Filesize
64KB

Download
memory/4712-85-0x000001BE1BE20000-0x000001BE1BE30000-memory.dmp

Filesize
64KB

Download
memory/4712-86-0x000001BE1BE30000-0x000001BE1BE40000-memory.dmp

Filesize
64KB

Download
memory/4712-84-0x000001BE1BDB0000-0x000001BE1BDC0000-memory.dmp

Filesize
64KB

Download
memory/4712-90-0x000001BE1BE40000-0x000001BE1BE50000-memory.dmp

Filesize
64KB

Download
memory/4712-89-0x000001BE1BDE0000-0x000001BE1BDF0000-memory.dmp

Filesize
64KB

Download
memory/4712-88-0x000001BE1BDD0000-0x000001BE1BDE0000-memory.dmp

Filesize
64KB

Download
memory/4712-92-0x000001BE1BE50000-0x000001BE1BE60000-memory.dmp

Filesize
64KB

Download
memory/4712-94-0x000001BE1BE60000-0x000001BE1BE70000-memory.dmp

Filesize
64KB

Download
memory/4712-97-0x000001BE1BE70000-0x000001BE1BE80000-memory.dmp

Filesize
64KB

Download
memory/4712-98-0x000001BE1BE80000-0x000001BE1BE90000-memory.dmp

Filesize
64KB

Download
memory/4712-100-0x000001BE1BE90000-0x000001BE1BEA0000-memory.dmp

Filesize
64KB

Download
memory/4712-102-0x000001BE1BEA0000-0x000001BE1BEB0000-memory.dmp

Filesize
64KB

Download
memory/4712-110-0x000001BE1BED0000-0x000001BE1BEE0000-memory.dmp

Filesize
64KB

Download
memory/4712-109-0x000001BE1BE00000-0x000001BE1BE10000-memory.dmp

Filesize
64KB

Download
memory/4712-108-0x000001BE1BEB0000-0x000001BE1BEC0000-memory.dmp

Filesize
64KB

Download
memory/4712-107-0x000001BE1BEC0000-0x000001BE1BED0000-memory.dmp

Filesize
64KB

Download
memory/4712-106-0x000001BE1BDF0000-0x000001BE1BE00000-memory.dmp

Filesize
64KB

Download
memory/4712-113-0x000001BE1A160000-0x000001BE1A161000-memory.dmp

Filesize
4KB

Download
memory/4712-114-0x000001BE1A160000-0x000001BE1A161000-memory.dmp

Filesize
4KB

Download
memory/4712-125-0x000001BE1A160000-0x000001BE1A161000-memory.dmp

Filesize
4KB

Download
memory/4712-134-0x000001BE1BEE0000-0x000001BE1BEF0000-memory.dmp

Filesize
64KB

Download
memory/4712-133-0x000001BE1BE10000-0x000001BE1BE20000-memory.dmp

Filesize
64KB

Download
memory/4712-137-0x000001BE1BE20000-0x000001BE1BE30000-memory.dmp

Filesize
64KB

Download
memory/4712-140-0x000001BE1BF00000-0x000001BE1BF10000-memory.dmp

Filesize
64KB

Download
memory/4712-139-0x000001BE1BEF0000-0x000001BE1BF00000-memory.dmp

Filesize
64KB

Download
memory/4712-138-0x000001BE1BE30000-0x000001BE1BE40000-memory.dmp

Filesize
64KB

Download
memory/4712-142-0x000001BE1BE40000-0x000001BE1BE50000-memory.dmp

Filesize
64KB

Download
memory/4712-143-0x000001BE1BF10000-0x000001BE1BF20000-memory.dmp

Filesize
64KB

Download
memory/4712-146-0x000001BE1BE50000-0x000001BE1BE60000-memory.dmp

Filesize
64KB

Download
memory/4712-147-0x000001BE1BF20000-0x000001BE1BF30000-memory.dmp

Filesize
64KB

Download
memory/4712-149-0x000001BE1BE60000-0x000001BE1BE70000-memory.dmp

Filesize
64KB

Download
memory/4712-150-0x000001BE1BF30000-0x000001BE1BF40000-memory.dmp

Filesize
64KB

Download
memory/4712-151-0x000001BE1BE70000-0x000001BE1BE80000-memory.dmp

Filesize
64KB

Download
memory/4712-153-0x000001BE1BF40000-0x000001BE1BF50000-memory.dmp

Filesize
64KB

Download
memory/4712-152-0x000001BE1BE80000-0x000001BE1BE90000-memory.dmp

Filesize
64KB

Download
memory/4712-156-0x000001BE1BF50000-0x000001BE1BF60000-memory.dmp

Filesize
64KB

Download
memory/4712-155-0x000001BE1BE90000-0x000001BE1BEA0000-memory.dmp

Filesize
64KB

Download
memory/4712-161-0x000001BE1BF60000-0x000001BE1BF70000-memory.dmp

Filesize
64KB

Download
memory/4712-160-0x000001BE1BEC0000-0x000001BE1BED0000-memory.dmp

Filesize
64KB

Download
memory/4712-159-0x000001BE1BEA0000-0x000001BE1BEB0000-memory.dmp

Filesize
64KB

Download
memory/4712-177-0x000001BE1A160000-0x000001BE1A161000-memory.dmp

Filesize
4KB

Download
memory/4712-170-0x000001BE1A160000-0x000001BE1A161000-memory.dmp

Filesize
4KB

Download
memory/4712-184-0x000001BE1BF70000-0x000001BE1BF80000-memory.dmp

Filesize
64KB

Download
memory/4712-187-0x000001BE1BEB0000-0x000001BE1BEC0000-memory.dmp

Filesize
64KB

Download
memory/4712-189-0x000001BE1BF80000-0x000001BE1BF90000-memory.dmp

Filesize
64KB

Download
memory/4712-188-0x000001BE1BED0000-0x000001BE1BEE0000-memory.dmp

Filesize
64KB

Download
memory/4712-193-0x000001BE1BF90000-0x000001BE1BFA0000-memory.dmp

Filesize
64KB

Download
memory/4712-192-0x000001BE1BEE0000-0x000001BE1BEF0000-memory.dmp

Filesize
64KB

Download
memory/4712-197-0x000001BE1BEF0000-0x000001BE1BF00000-memory.dmp

Filesize
64KB

Download
memory/4712-198-0x000001BE1BF00000-0x000001BE1BF10000-memory.dmp

Filesize
64KB

Download
memory/4712-201-0x000001BE1BF10000-0x000001BE1BF20000-memory.dmp

Filesize
64KB

Download
memory/4712-202-0x000001BE1BFA0000-0x000001BE1BFB0000-memory.dmp

Filesize
64KB

Download
memory/4712-204-0x000001BE1BF20000-0x000001BE1BF30000-memory.dmp

Filesize
64KB

Download
memory/4712-205-0x000001BE1BFB0000-0x000001BE1BFC0000-memory.dmp

Filesize
64KB

Download
memory/4712-207-0x000001BE1BF30000-0x000001BE1BF40000-memory.dmp

Filesize
64KB

Download
memory/4712-208-0x000001BE1BFC0000-0x000001BE1BFD0000-memory.dmp

Filesize
64KB

Download
memory/4712-210-0x000001BE1BF40000-0x000001BE1BF50000-memory.dmp

Filesize
64KB

Download
memory/4712-211-0x000001BE1BF50000-0x000001BE1BF60000-memory.dmp

Filesize
64KB

Download
memory/4712-212-0x000001BE1BF60000-0x000001BE1BF70000-memory.dmp

Filesize
64KB

Download
memory/4712-213-0x000001BE1BF70000-0x000001BE1BF80000-memory.dmp

Filesize
64KB

Download
memory/4712-214-0x000001BE1BF80000-0x000001BE1BF90000-memory.dmp

Filesize
64KB

Download
memory/4712-236-0x0000001950B00000-0x0000001950C00000-memory.dmp

Filesize
1024KB

Download