2d68b7c3e84a17714197334296201071e31487281dc119c7c1aecb32ec3ffda0

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HELLO.jar
Size

2.3MB
MD5

3950c0d6bd731b2039ec1c7b33c76f52
SHA1

52452cc54408b66e300be5a1141fb7c2e8cc5246
SHA256

2d68b7c3e84a17714197334296201071e31487281dc119c7c1aecb32ec3ffda0
SHA512

1e6c68dc8d43c46abfc7fb5fd861d19a9ce6c80267eb072f0fece3001c3f654cb496413d73d48c5f6da8c20fd557e0873d5b1cdc731bb609bba5c20f06ed66a2
SSDEEP

49152:fGQma9w588m2GuzpK4JeT3gOtPWD0d0+aKWnGPLsFHRFZX:fXmb88QcpK4JeHJ8/nGPmHRz

Score

7^/10

discovery persistence

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

1948 icacls.exe

pid	process
1948	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1719321495407.tmp"	reg.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

java.exe

pid process

4424 java.exe
4424 java.exe
4424 java.exe
4424 java.exe

pid	process
4424	java.exe
4424	java.exe
4424	java.exe
4424	java.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

java.execmd.exe

description	pid	process	target process
PID 4424 wrote to memory of 1948	4424	java.exe	icacls.exe
PID 4424 wrote to memory of 1948	4424	java.exe	icacls.exe
PID 4424 wrote to memory of 540	4424	java.exe	attrib.exe
PID 4424 wrote to memory of 540	4424	java.exe	attrib.exe
PID 4424 wrote to memory of 5048	4424	java.exe	cmd.exe
PID 4424 wrote to memory of 5048	4424	java.exe	cmd.exe
PID 5048 wrote to memory of 1476	5048	cmd.exe	reg.exe
PID 5048 wrote to memory of 1476	5048	cmd.exe	reg.exe

Views/modifies file attributes 1 TTPs 1 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exe

pid process

540 attrib.exe

pid	process
540	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\HELLO.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4424

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:1948

C:\Windows\SYSTEM32\attrib.exe
attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1719321495407.tmp
2⤵
- Views/modifies file attributes
PID:540

C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1719321495407.tmp" /f"
2⤵
- Suspicious use of WriteProcessMemory
PID:5048

C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1719321495407.tmp" /f
3⤵
- Adds Run key to start application
PID:1476

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
43776c7c6a635b1d1593a5e981f1e517

SHA1
62cd33af1a2fd7c8bfad225db73ff2eee0dff2ae

SHA256
a21c5b60408a683c5f828b247e2e8a6b8f34bc89dbb9517725a4641aa28ee9c7

SHA512
e53fafc653cf56d25fb5d07093316d097852c160a6c4b97883cbaef8ff103a584cf280c70d2e98ce68d53cfaf04f020a1ed4adc4fedb4c25f7e84cc1a1777d1e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1719321495407.tmp
Filesize
2.3MB

MD5
3950c0d6bd731b2039ec1c7b33c76f52

SHA1
52452cc54408b66e300be5a1141fb7c2e8cc5246

SHA256
2d68b7c3e84a17714197334296201071e31487281dc119c7c1aecb32ec3ffda0

SHA512
1e6c68dc8d43c46abfc7fb5fd861d19a9ce6c80267eb072f0fece3001c3f654cb496413d73d48c5f6da8c20fd557e0873d5b1cdc731bb609bba5c20f06ed66a2

Download Submit
memory/4424-2-0x000001C8CEAF0000-0x000001C8CED60000-memory.dmp

Filesize
2.4MB

Download
memory/4424-17-0x000001C8CED60000-0x000001C8CED70000-memory.dmp

Filesize
64KB

Download
memory/4424-20-0x000001C8CED80000-0x000001C8CED90000-memory.dmp

Filesize
64KB

Download
memory/4424-19-0x000001C8CED70000-0x000001C8CED80000-memory.dmp

Filesize
64KB

Download
memory/4424-24-0x000001C8CEDA0000-0x000001C8CEDB0000-memory.dmp

Filesize
64KB

Download
memory/4424-23-0x000001C8CED90000-0x000001C8CEDA0000-memory.dmp

Filesize
64KB

Download
memory/4424-26-0x000001C8CEDB0000-0x000001C8CEDC0000-memory.dmp

Filesize
64KB

Download
memory/4424-30-0x000001C8CD100000-0x000001C8CD101000-memory.dmp

Filesize
4KB

Download
memory/4424-34-0x000001C8CEDD0000-0x000001C8CEDE0000-memory.dmp

Filesize
64KB

Download
memory/4424-33-0x000001C8CEDC0000-0x000001C8CEDD0000-memory.dmp

Filesize
64KB

Download
memory/4424-38-0x000001C8CEDE0000-0x000001C8CEDF0000-memory.dmp

Filesize
64KB

Download
memory/4424-40-0x000001C8CD100000-0x000001C8CD101000-memory.dmp

Filesize
4KB

Download
memory/4424-41-0x000001C8CEDF0000-0x000001C8CEE00000-memory.dmp

Filesize
64KB

Download
memory/4424-43-0x000001C8CEE00000-0x000001C8CEE10000-memory.dmp

Filesize
64KB

Download
memory/4424-46-0x000001C8CEE10000-0x000001C8CEE20000-memory.dmp

Filesize
64KB

Download
memory/4424-49-0x000001C8CEE20000-0x000001C8CEE30000-memory.dmp

Filesize
64KB

Download
memory/4424-48-0x000001C8CEAF0000-0x000001C8CED60000-memory.dmp

Filesize
2.4MB

Download
memory/4424-54-0x000001C8CEE30000-0x000001C8CEE40000-memory.dmp

Filesize
64KB

Download
memory/4424-53-0x000001C8CED60000-0x000001C8CED70000-memory.dmp

Filesize
64KB

Download
memory/4424-56-0x000001C8CED70000-0x000001C8CED80000-memory.dmp

Filesize
64KB

Download
memory/4424-57-0x000001C8CED80000-0x000001C8CED90000-memory.dmp

Filesize
64KB

Download
memory/4424-58-0x000001C8CEE40000-0x000001C8CEE50000-memory.dmp

Filesize
64KB

Download
memory/4424-59-0x000001C8CD100000-0x000001C8CD101000-memory.dmp

Filesize
4KB

Download
memory/4424-61-0x000001C8CED90000-0x000001C8CEDA0000-memory.dmp

Filesize
64KB

Download
memory/4424-62-0x000001C8CEDA0000-0x000001C8CEDB0000-memory.dmp

Filesize
64KB

Download
memory/4424-63-0x000001C8CEE50000-0x000001C8CEE60000-memory.dmp

Filesize
64KB

Download
memory/4424-65-0x000001C8CEDB0000-0x000001C8CEDC0000-memory.dmp

Filesize
64KB

Download
memory/4424-66-0x000001C8CEE60000-0x000001C8CEE70000-memory.dmp

Filesize
64KB

Download
memory/4424-72-0x000001C8CEE70000-0x000001C8CEE80000-memory.dmp

Filesize
64KB

Download
memory/4424-69-0x000001C8CD100000-0x000001C8CD101000-memory.dmp

Filesize
4KB

Download
memory/4424-70-0x000001C8CEDC0000-0x000001C8CEDD0000-memory.dmp

Filesize
64KB

Download
memory/4424-71-0x000001C8CEDD0000-0x000001C8CEDE0000-memory.dmp

Filesize
64KB

Download
memory/4424-74-0x000001C8CD100000-0x000001C8CD101000-memory.dmp

Filesize
4KB

Download
memory/4424-76-0x000001C8CEDE0000-0x000001C8CEDF0000-memory.dmp

Filesize
64KB

Download
memory/4424-77-0x000001C8CEDF0000-0x000001C8CEE00000-memory.dmp

Filesize
64KB

Download
memory/4424-78-0x000001C8CEE00000-0x000001C8CEE10000-memory.dmp

Filesize
64KB

Download
memory/4424-79-0x000001C8CEE10000-0x000001C8CEE20000-memory.dmp

Filesize
64KB

Download
memory/4424-80-0x000001C8CEE20000-0x000001C8CEE30000-memory.dmp

Filesize
64KB

Download
memory/4424-81-0x000001C8CEE30000-0x000001C8CEE40000-memory.dmp

Filesize
64KB

Download
memory/4424-82-0x000001C8CEE40000-0x000001C8CEE50000-memory.dmp

Filesize
64KB

Download
memory/4424-83-0x000001C8CEE50000-0x000001C8CEE60000-memory.dmp

Filesize
64KB

Download
memory/4424-84-0x000001C8CEE60000-0x000001C8CEE70000-memory.dmp

Filesize
64KB

Download
memory/4424-85-0x000001C8CEE70000-0x000001C8CEE80000-memory.dmp

Filesize
64KB

Download
memory/4424-86-0x000001C8CEE80000-0x000001C8CEE90000-memory.dmp

Filesize
64KB

Download
memory/4424-87-0x000001C8CEE80000-0x000001C8CEE90000-memory.dmp

Filesize
64KB

Download
memory/4424-88-0x000001C8CD100000-0x000001C8CD101000-memory.dmp

Filesize
4KB

Download
memory/4424-90-0x000001C8CEE90000-0x000001C8CEEA0000-memory.dmp

Filesize
64KB

Download
memory/4424-92-0x000001C8CEE90000-0x000001C8CEEA0000-memory.dmp

Filesize
64KB

Download