39567ac217f977fa30c84ff6a73184dd4ea381738787d9cac4987c359aa09678

Analysis

max time kernel
68s
max time network
77s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
21-06-2024 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sex.jar
Size

639KB
MD5

6790eea68539247aff5c76f929d8a89b
SHA1

4cfdbea1546fbfb94748da5b59e315c3460557cf
SHA256

39567ac217f977fa30c84ff6a73184dd4ea381738787d9cac4987c359aa09678
SHA512

48c122ebf42d2ee520e3c780940f4a1182f136230d174f73a437b6d84aa549009f03831f6a3d9d04d2056ca828184f23bab90c0d8d70102e9e82f15903fb38f2
SSDEEP

12288:7/dwQa/CQK5cT4joIQ3Hgw/lRH+9KeNOpvgAZSR893Cu82tMS97D4+:7/eQOa584UPHgwfmPOpoCfCuBtP97D4+

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

1852 icacls.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

1 0.tcp.eu.ngrok.io
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

java.exe

pid process

3468 java.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 3468 wrote to memory of 1852 3468 java.exe icacls.exe
PID 3468 wrote to memory of 1852 3468 java.exe icacls.exe

pid	process
1852	icacls.exe

flow	ioc
1	0.tcp.eu.ngrok.io

pid	process
3468	java.exe

description	pid	process	target process
PID 3468 wrote to memory of 1852	3468	java.exe	icacls.exe
PID 3468 wrote to memory of 1852	3468	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\sex.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3468

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:1852

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
9334c4658cabeff67f8ebb9724dfc31f

SHA1
f70aa2a90049b6a56d6f4d5b693d09135e5433fa

SHA256
bec11e57fe1115972c084d224b508d1377228a0dc491b4288c73ab2a8f1010fe

SHA512
235234bf8e94aae1683838782172db31d7b63879298d004d17d354197bfa7a90192d464e61c53679343e9d4bfdd6af682b7cbb235d4fcc7ceda1023ddfe666b5

Download Submit
memory/3468-36-0x0000019186390000-0x0000019186391000-memory.dmp

Filesize
4KB

Download
memory/3468-50-0x0000019187E70000-0x0000019187E80000-memory.dmp

Filesize
64KB

Download
memory/3468-35-0x0000019187B80000-0x0000019187DF0000-memory.dmp

Filesize
2.4MB

Download
memory/3468-23-0x0000019187E20000-0x0000019187E30000-memory.dmp

Filesize
64KB

Download
memory/3468-21-0x0000019187E10000-0x0000019187E20000-memory.dmp

Filesize
64KB

Download
memory/3468-24-0x0000019187E30000-0x0000019187E40000-memory.dmp

Filesize
64KB

Download
memory/3468-26-0x0000019187E40000-0x0000019187E50000-memory.dmp

Filesize
64KB

Download
memory/3468-29-0x0000019187E50000-0x0000019187E60000-memory.dmp

Filesize
64KB

Download
memory/3468-30-0x0000019187E60000-0x0000019187E70000-memory.dmp

Filesize
64KB

Download
memory/3468-37-0x0000019187DF0000-0x0000019187E00000-memory.dmp

Filesize
64KB

Download
memory/3468-18-0x0000019187E00000-0x0000019187E10000-memory.dmp

Filesize
64KB

Download
memory/3468-17-0x0000019187DF0000-0x0000019187E00000-memory.dmp

Filesize
64KB

Download
memory/3468-34-0x0000019186390000-0x0000019186391000-memory.dmp

Filesize
4KB

Download
memory/3468-38-0x0000019187E00000-0x0000019187E10000-memory.dmp

Filesize
64KB

Download
memory/3468-39-0x0000019187E10000-0x0000019187E20000-memory.dmp

Filesize
64KB

Download
memory/3468-40-0x0000019187E20000-0x0000019187E30000-memory.dmp

Filesize
64KB

Download
memory/3468-41-0x0000019187E30000-0x0000019187E40000-memory.dmp

Filesize
64KB

Download
memory/3468-42-0x0000019187E40000-0x0000019187E50000-memory.dmp

Filesize
64KB

Download
memory/3468-44-0x0000019187E50000-0x0000019187E60000-memory.dmp

Filesize
64KB

Download
memory/3468-45-0x0000019187E70000-0x0000019187E80000-memory.dmp

Filesize
64KB

Download
memory/3468-48-0x0000019187E80000-0x0000019187E90000-memory.dmp

Filesize
64KB

Download
memory/3468-47-0x0000019187E60000-0x0000019187E70000-memory.dmp

Filesize
64KB

Download
memory/3468-2-0x0000019187B80000-0x0000019187DF0000-memory.dmp

Filesize
2.4MB

Download