3a2ee2910bfc956a9b8f57c92ff0a18c916f6fd60b0aa37a7b98e04caf41226b

Analysis

max time kernel
213s
max time network
281s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
30-06-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1234.jar
Size

639KB
MD5

e85f4f8c282e15bee2093640bd509058
SHA1

d6cf12345b290da0fb4253d393dda4139c014a13
SHA256

3a2ee2910bfc956a9b8f57c92ff0a18c916f6fd60b0aa37a7b98e04caf41226b
SHA512

eade08fa08fc363a840b034160ffd0f924672a07b6b5bada0c88922da9fdc74eb9db4aa2eb1e6ac3e861023a6ad014eb4a4bebb98c8e74c0840e7675106fa52b
SSDEEP

12288:r/lAQC/SAq1MD4Ps08Tzgs/RRz+du+NuBfgQlSRo53GuM2RMS97DQd:r/iQG21g4ETzgsTKXuB4WXGuxRP97DQd

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

3868 icacls.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

1 4.tcp.eu.ngrok.io
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

java.exe

pid process

4656 java.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 4656 wrote to memory of 3868 4656 java.exe icacls.exe
PID 4656 wrote to memory of 3868 4656 java.exe icacls.exe

pid	process
3868	icacls.exe

flow	ioc
1	4.tcp.eu.ngrok.io

pid	process
4656	java.exe

description	pid	process	target process
PID 4656 wrote to memory of 3868	4656	java.exe	icacls.exe
PID 4656 wrote to memory of 3868	4656	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\1234.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4656

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:3868

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
d331c4d2ffe4351041e37275cb820357

SHA1
80557bd6187b66eec98b8301bda806c29eff7f3b

SHA256
c93a94b7ed10eea8db536d4edb055e4631aaffc7cef30d85da408a41b6ec4a3c

SHA512
6579ff04d40e7e0754b28304e0bc6f4e7db09818d6f2fc045f418cc4656bed92c7d9cb5800bab2f83d1346324cb93a22eaa293fff81862db7478f0c83bc0b112

Download Submit
memory/4656-41-0x00000284565E0000-0x0000028456850000-memory.dmp

Filesize
2.4MB

Download
memory/4656-55-0x00000284568B0000-0x00000284568C0000-memory.dmp

Filesize
64KB

Download
memory/4656-18-0x0000028456860000-0x0000028456870000-memory.dmp

Filesize
64KB

Download
memory/4656-21-0x0000028456870000-0x0000028456880000-memory.dmp

Filesize
64KB

Download
memory/4656-22-0x0000028456880000-0x0000028456890000-memory.dmp

Filesize
64KB

Download
memory/4656-24-0x0000028456890000-0x00000284568A0000-memory.dmp

Filesize
64KB

Download
memory/4656-26-0x00000284568A0000-0x00000284568B0000-memory.dmp

Filesize
64KB

Download
memory/4656-28-0x00000284568B0000-0x00000284568C0000-memory.dmp

Filesize
64KB

Download
memory/4656-32-0x00000284568C0000-0x00000284568D0000-memory.dmp

Filesize
64KB

Download
memory/4656-33-0x00000284565C0000-0x00000284565C1000-memory.dmp

Filesize
4KB

Download
memory/4656-37-0x00000284568D0000-0x00000284568E0000-memory.dmp

Filesize
64KB

Download
memory/4656-38-0x00000284565C0000-0x00000284565C1000-memory.dmp

Filesize
4KB

Download
memory/4656-53-0x0000028456880000-0x0000028456890000-memory.dmp

Filesize
64KB

Download
memory/4656-17-0x0000028456850000-0x0000028456860000-memory.dmp

Filesize
64KB

Download
memory/4656-46-0x0000028456880000-0x0000028456890000-memory.dmp

Filesize
64KB

Download
memory/4656-44-0x0000028456860000-0x0000028456870000-memory.dmp

Filesize
64KB

Download
memory/4656-45-0x0000028456870000-0x0000028456880000-memory.dmp

Filesize
64KB

Download
memory/4656-47-0x00000284568E0000-0x00000284568F0000-memory.dmp

Filesize
64KB

Download
memory/4656-42-0x0000028456850000-0x0000028456860000-memory.dmp

Filesize
64KB

Download
memory/4656-48-0x0000028456890000-0x00000284568A0000-memory.dmp

Filesize
64KB

Download
memory/4656-51-0x00000284565C0000-0x00000284565C1000-memory.dmp

Filesize
4KB

Download
memory/4656-52-0x00000284565E0000-0x0000028456850000-memory.dmp

Filesize
2.4MB

Download
memory/4656-58-0x00000284568E0000-0x00000284568F0000-memory.dmp

Filesize
64KB

Download
memory/4656-57-0x00000284568D0000-0x00000284568E0000-memory.dmp

Filesize
64KB

Download
memory/4656-56-0x00000284568C0000-0x00000284568D0000-memory.dmp

Filesize
64KB

Download
memory/4656-2-0x00000284565E0000-0x0000028456850000-memory.dmp

Filesize
2.4MB

Download
memory/4656-54-0x00000284568A0000-0x00000284568B0000-memory.dmp

Filesize
64KB

Download
memory/4656-39-0x00000284565C0000-0x00000284565C1000-memory.dmp

Filesize
4KB

Download