2d0ffc551620087ec69cbd4102297e9cd531d7d5e8337c8559795b5cc962d665

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 11:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iidk.jar
Size

639KB
MD5

252fd90861780cafa9c3636effd29d37
SHA1

a5338e8c723f9643de231fbbe95bd4930964ac39
SHA256

2d0ffc551620087ec69cbd4102297e9cd531d7d5e8337c8559795b5cc962d665
SHA512

f53406416525546a66984ced9fef87226f23d818fb6f6e073adfe7c7983d08acd428047cc91934468ba8009a468da4fe368018bbaf001fe56f12b9ba4282b8b1
SSDEEP

12288:/rJwQO/KYKlQf4TQIUPbgs/hRP+NmmNC5rgQBeRE13yuE2hwSlLDsI:/r+Qiilw4EvbgsjeHC5sKfyuZhLlLDsI

Score

7^/10

discovery persistence

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

872 icacls.exe

pid	process
872	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1719487047345.tmp"	reg.exe

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

46 checkip.amazonaws.com
47 checkip.amazonaws.com
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

java.exe

pid process

4712 java.exe
4712 java.exe
4712 java.exe

flow	ioc
46	checkip.amazonaws.com
47	checkip.amazonaws.com

pid	process
4712	java.exe
4712	java.exe
4712	java.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

java.execmd.exe

description	pid	process	target process
PID 4712 wrote to memory of 872	4712	java.exe	icacls.exe
PID 4712 wrote to memory of 872	4712	java.exe	icacls.exe
PID 4712 wrote to memory of 3060	4712	java.exe	attrib.exe
PID 4712 wrote to memory of 3060	4712	java.exe	attrib.exe
PID 4712 wrote to memory of 1496	4712	java.exe	cmd.exe
PID 4712 wrote to memory of 1496	4712	java.exe	cmd.exe
PID 1496 wrote to memory of 4320	1496	cmd.exe	reg.exe
PID 1496 wrote to memory of 4320	1496	cmd.exe	reg.exe

Views/modifies file attributes 1 TTPs 1 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exe

pid process

3060 attrib.exe

pid	process
3060	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\iidk.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4712

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:872

C:\Windows\SYSTEM32\attrib.exe
attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1719487047345.tmp
2⤵
- Views/modifies file attributes
PID:3060

C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1719487047345.tmp" /f"
2⤵
- Suspicious use of WriteProcessMemory
PID:1496

C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1719487047345.tmp" /f
3⤵
- Adds Run key to start application
PID:4320

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
40439e8be93dcb31cbab4fc3981ca0ae

SHA1
2fb7addaa22560ce4b734f424c5392a858b01d71

SHA256
35aa242d6d784672bb6500b7cbaaa3575e4b1581db4e338746a2471aab8ee5bc

SHA512
5d6271951388c61d7c9d66b6eedb06e1eb2a2056afd06ce4238b465c57e099a1c4f6982ead7131fd598a4e8fa8b2e612376cf43907c02012c18db55939c2a42b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1719487047345.tmp
Filesize
639KB

MD5
252fd90861780cafa9c3636effd29d37

SHA1
a5338e8c723f9643de231fbbe95bd4930964ac39

SHA256
2d0ffc551620087ec69cbd4102297e9cd531d7d5e8337c8559795b5cc962d665

SHA512
f53406416525546a66984ced9fef87226f23d818fb6f6e073adfe7c7983d08acd428047cc91934468ba8009a468da4fe368018bbaf001fe56f12b9ba4282b8b1

Download Submit
memory/4712-2-0x000001F7D9CC0000-0x000001F7D9F30000-memory.dmp

Filesize
2.4MB

Download
memory/4712-17-0x000001F7D9F30000-0x000001F7D9F40000-memory.dmp

Filesize
64KB

Download
memory/4712-18-0x000001F7D9F40000-0x000001F7D9F50000-memory.dmp

Filesize
64KB

Download
memory/4712-20-0x000001F7D9F50000-0x000001F7D9F60000-memory.dmp

Filesize
64KB

Download
memory/4712-24-0x000001F7D9F70000-0x000001F7D9F80000-memory.dmp

Filesize
64KB

Download
memory/4712-23-0x000001F7D9F60000-0x000001F7D9F70000-memory.dmp

Filesize
64KB

Download
memory/4712-26-0x000001F7D9F80000-0x000001F7D9F90000-memory.dmp

Filesize
64KB

Download
memory/4712-28-0x000001F7D9F90000-0x000001F7D9FA0000-memory.dmp

Filesize
64KB

Download
memory/4712-36-0x000001F7D9FB0000-0x000001F7D9FC0000-memory.dmp

Filesize
64KB

Download
memory/4712-35-0x000001F7D9FA0000-0x000001F7D9FB0000-memory.dmp

Filesize
64KB

Download
memory/4712-37-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-41-0x000001F7D9FC0000-0x000001F7D9FD0000-memory.dmp

Filesize
64KB

Download
memory/4712-42-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-45-0x000001F7D9CC0000-0x000001F7D9F30000-memory.dmp

Filesize
2.4MB

Download
memory/4712-46-0x000001F7D9F30000-0x000001F7D9F40000-memory.dmp

Filesize
64KB

Download
memory/4712-47-0x000001F7D9F40000-0x000001F7D9F50000-memory.dmp

Filesize
64KB

Download
memory/4712-49-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-51-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-52-0x000001F7D9F50000-0x000001F7D9F60000-memory.dmp

Filesize
64KB

Download
memory/4712-55-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-58-0x000001F7D9F60000-0x000001F7D9F70000-memory.dmp

Filesize
64KB

Download
memory/4712-59-0x000001F7D9F70000-0x000001F7D9F80000-memory.dmp

Filesize
64KB

Download
memory/4712-60-0x000001F7D9FD0000-0x000001F7D9FE0000-memory.dmp

Filesize
64KB

Download
memory/4712-61-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-65-0x000001F7D9F80000-0x000001F7D9F90000-memory.dmp

Filesize
64KB

Download
memory/4712-66-0x000001F7D9FE0000-0x000001F7D9FF0000-memory.dmp

Filesize
64KB

Download
memory/4712-70-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-73-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-81-0x000001F7D9F90000-0x000001F7D9FA0000-memory.dmp

Filesize
64KB

Download
memory/4712-82-0x000001F7D9FF0000-0x000001F7DA000000-memory.dmp

Filesize
64KB

Download
memory/4712-83-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-85-0x000001F7D9FA0000-0x000001F7D9FB0000-memory.dmp

Filesize
64KB

Download
memory/4712-87-0x000001F7DA000000-0x000001F7DA010000-memory.dmp

Filesize
64KB

Download
memory/4712-86-0x000001F7D9FB0000-0x000001F7D9FC0000-memory.dmp

Filesize
64KB

Download
memory/4712-90-0x000001F7D9FC0000-0x000001F7D9FD0000-memory.dmp

Filesize
64KB

Download
memory/4712-91-0x000001F7DA010000-0x000001F7DA020000-memory.dmp

Filesize
64KB

Download
memory/4712-94-0x000001F7DA020000-0x000001F7DA030000-memory.dmp

Filesize
64KB

Download
memory/4712-96-0x000001F7DA030000-0x000001F7DA040000-memory.dmp

Filesize
64KB

Download
memory/4712-99-0x000001F7DA040000-0x000001F7DA050000-memory.dmp

Filesize
64KB

Download
memory/4712-101-0x000001F7DA050000-0x000001F7DA060000-memory.dmp

Filesize
64KB

Download
memory/4712-104-0x000001F7DA060000-0x000001F7DA070000-memory.dmp

Filesize
64KB

Download
memory/4712-106-0x000001F7D9FD0000-0x000001F7D9FE0000-memory.dmp

Filesize
64KB

Download
memory/4712-107-0x000001F7DA070000-0x000001F7DA080000-memory.dmp

Filesize
64KB

Download
memory/4712-110-0x000001F7D9FE0000-0x000001F7D9FF0000-memory.dmp

Filesize
64KB

Download
memory/4712-111-0x000001F7DA080000-0x000001F7DA090000-memory.dmp

Filesize
64KB

Download
memory/4712-112-0x000001F7DA090000-0x000001F7DA0A0000-memory.dmp

Filesize
64KB

Download
memory/4712-115-0x000001F7D9FF0000-0x000001F7DA000000-memory.dmp

Filesize
64KB

Download
memory/4712-116-0x000001F7DA0A0000-0x000001F7DA0B0000-memory.dmp

Filesize
64KB

Download
memory/4712-117-0x000001F7DA000000-0x000001F7DA010000-memory.dmp

Filesize
64KB

Download
memory/4712-119-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-123-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-131-0x000001F7DA010000-0x000001F7DA020000-memory.dmp

Filesize
64KB

Download
memory/4712-132-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-133-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-134-0x000001F7DA020000-0x000001F7DA030000-memory.dmp

Filesize
64KB

Download
memory/4712-136-0x000001F7DA030000-0x000001F7DA040000-memory.dmp

Filesize
64KB

Download
memory/4712-137-0x000001F7DA040000-0x000001F7DA050000-memory.dmp

Filesize
64KB

Download
memory/4712-138-0x000001F7DA050000-0x000001F7DA060000-memory.dmp

Filesize
64KB

Download
memory/4712-139-0x000001F7DA060000-0x000001F7DA070000-memory.dmp

Filesize
64KB

Download
memory/4712-140-0x000001F7DA070000-0x000001F7DA080000-memory.dmp

Filesize
64KB

Download
memory/4712-142-0x000001F7DA090000-0x000001F7DA0A0000-memory.dmp

Filesize
64KB

Download
memory/4712-141-0x000001F7DA080000-0x000001F7DA090000-memory.dmp

Filesize
64KB

Download
memory/4712-143-0x000001F7DA0A0000-0x000001F7DA0B0000-memory.dmp

Filesize
64KB

Download
memory/4712-146-0x000001F7DA0B0000-0x000001F7DA0C0000-memory.dmp

Filesize
64KB

Download
memory/4712-149-0x000001F7DA0C0000-0x000001F7DA0D0000-memory.dmp

Filesize
64KB

Download
memory/4712-152-0x000001F7DA0D0000-0x000001F7DA0E0000-memory.dmp

Filesize
64KB

Download
memory/4712-154-0x000001F7D8680000-0x000001F7D8681000-memory.dmp

Filesize
4KB

Download
memory/4712-156-0x000001F7DA0E0000-0x000001F7DA0F0000-memory.dmp

Filesize
64KB

Download
memory/4712-196-0x000001F7DA100000-0x000001F7DA110000-memory.dmp

Filesize
64KB

Download
memory/4712-199-0x000001F7DA110000-0x000001F7DA120000-memory.dmp

Filesize
64KB

Download
memory/4712-198-0x000001F7DA0B0000-0x000001F7DA0C0000-memory.dmp

Filesize
64KB

Download
memory/4712-204-0x000001F7DA130000-0x000001F7DA140000-memory.dmp

Filesize
64KB

Download
memory/4712-206-0x000001F7DA140000-0x000001F7DA150000-memory.dmp

Filesize
64KB

Download
memory/4712-208-0x000001F7DA150000-0x000001F7DA160000-memory.dmp

Filesize
64KB

Download
memory/4712-207-0x000001F7DA0C0000-0x000001F7DA0D0000-memory.dmp

Filesize
64KB

Download
memory/4712-203-0x000001F7DA120000-0x000001F7DA130000-memory.dmp

Filesize
64KB

Download
memory/4712-195-0x000001F7DA0F0000-0x000001F7DA100000-memory.dmp

Filesize
64KB

Download
memory/4712-211-0x000001F7DA0D0000-0x000001F7DA0E0000-memory.dmp

Filesize
64KB

Download
memory/4712-213-0x000001F7DA170000-0x000001F7DA180000-memory.dmp

Filesize
64KB

Download
memory/4712-212-0x000001F7DA160000-0x000001F7DA170000-memory.dmp

Filesize
64KB

Download
memory/4712-216-0x000001F7DA180000-0x000001F7DA190000-memory.dmp

Filesize
64KB

Download
memory/4712-215-0x000001F7DA0E0000-0x000001F7DA0F0000-memory.dmp

Filesize
64KB

Download
memory/4712-218-0x000001F7DA190000-0x000001F7DA1A0000-memory.dmp

Filesize
64KB

Download
memory/4712-221-0x000001F7DA1A0000-0x000001F7DA1B0000-memory.dmp

Filesize
64KB

Download
memory/4712-222-0x000001F7DA1B0000-0x000001F7DA1C0000-memory.dmp

Filesize
64KB

Download
memory/4712-224-0x000001F7DA1C0000-0x000001F7DA1D0000-memory.dmp

Filesize
64KB

Download
memory/4712-226-0x000001F7DA0F0000-0x000001F7DA100000-memory.dmp

Filesize
64KB

Download
memory/4712-228-0x000001F7DA1D0000-0x000001F7DA1E0000-memory.dmp

Filesize
64KB

Download
memory/4712-227-0x000001F7DA100000-0x000001F7DA110000-memory.dmp

Filesize
64KB

Download
memory/4712-232-0x000001F7DA1E0000-0x000001F7DA1F0000-memory.dmp

Filesize
64KB

Download
memory/4712-231-0x000001F7DA140000-0x000001F7DA150000-memory.dmp

Filesize
64KB

Download
memory/4712-230-0x000001F7DA110000-0x000001F7DA120000-memory.dmp

Filesize
64KB

Download
memory/4712-236-0x000001F7DA120000-0x000001F7DA130000-memory.dmp

Filesize
64KB

Download
memory/4712-237-0x000001F7DA1F0000-0x000001F7DA200000-memory.dmp

Filesize
64KB

Download
memory/4712-239-0x000001F7DA200000-0x000001F7DA210000-memory.dmp

Filesize
64KB

Download
memory/4712-238-0x000001F7DA150000-0x000001F7DA160000-memory.dmp

Filesize
64KB

Download
memory/4712-242-0x000001F7DA170000-0x000001F7DA180000-memory.dmp

Filesize
64KB

Download
memory/4712-243-0x000001F7DA210000-0x000001F7DA220000-memory.dmp

Filesize
64KB

Download
memory/4712-241-0x000001F7DA160000-0x000001F7DA170000-memory.dmp

Filesize
64KB

Download
memory/4712-246-0x000001F7DA220000-0x000001F7DA230000-memory.dmp

Filesize
64KB

Download
memory/4712-245-0x000001F7DA180000-0x000001F7DA190000-memory.dmp

Filesize
64KB

Download
memory/4712-248-0x000001F7DA190000-0x000001F7DA1A0000-memory.dmp

Filesize
64KB

Download
memory/4712-249-0x000001F7DA230000-0x000001F7DA240000-memory.dmp

Filesize
64KB

Download
memory/4712-253-0x000001F7DA240000-0x000001F7DA250000-memory.dmp

Filesize
64KB

Download
memory/4712-252-0x000001F7DA1A0000-0x000001F7DA1B0000-memory.dmp

Filesize
64KB

Download
memory/4712-256-0x000001F7DA1B0000-0x000001F7DA1C0000-memory.dmp

Filesize
64KB

Download
memory/4712-257-0x000001F7DA250000-0x000001F7DA260000-memory.dmp

Filesize
64KB

Download
memory/4712-267-0x000001F7DA270000-0x000001F7DA280000-memory.dmp

Filesize
64KB

Download
memory/4712-266-0x000001F7DA260000-0x000001F7DA270000-memory.dmp

Filesize
64KB

Download
memory/4712-265-0x000001F7DA1C0000-0x000001F7DA1D0000-memory.dmp

Filesize
64KB

Download