deadcb746127893dc0e83926143ae6af87697c308a8122dcd390956194595339

Analysis

max time kernel
440s
max time network
442s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af3a6b35935ec9a991e853f2a386e38bd91d5d2f2d9c35cb6ca5b1481cb5ec45.jar
Size

203KB
MD5

e61042273c1bd9c0a7ea0bc9148cde03
SHA1

4a00bf1ff4bb6f308556a383f70bd67bd6a87282
SHA256

af3a6b35935ec9a991e853f2a386e38bd91d5d2f2d9c35cb6ca5b1481cb5ec45
SHA512

da27c7f1293b4817b2a17f4ec50e7729345f828f0e8141bde37c0be86decb535f93eccaabec15a4048755f5ba1a397a142a8bfab0df422370de14a74bb14a263
SSDEEP

3072:iV+8Cg5sDtvolhhIMNQLfdDqrp81gYNJk4uzY+JqtT0zPLoBsWfTyjn+:sjStvGhXNjt81gYNqNcpYzP0WWfT4+

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

992 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 3952 wrote to memory of 992 3952 java.exe icacls.exe
PID 3952 wrote to memory of 992 3952 java.exe icacls.exe

pid	process
992	icacls.exe

description	pid	process	target process
PID 3952 wrote to memory of 992	3952	java.exe	icacls.exe
PID 3952 wrote to memory of 992	3952	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\af3a6b35935ec9a991e853f2a386e38bd91d5d2f2d9c35cb6ca5b1481cb5ec45.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3952

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:992

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
f1938a78b1f1d34ff1cbc00f13ad4942

SHA1
fb474555a9e6cace1b6b4c343e026da62cdeabe4

SHA256
64d5d0658aa4a1fd16ca45340a0f44901915f18d0cec0af30edeb9b20d0cb594

SHA512
ca01469a052975e2afb6b3555be4e6162e003d91788ccd15c3f862be5a8584b412eb2b405e035c9967e37c4e3571c4bd12a326da2e43b7286db0597516ad7805

Download Submit
memory/3952-2-0x0000020FCF720000-0x0000020FCF990000-memory.dmp

Filesize
2.4MB

Download
memory/3952-14-0x0000020FCF990000-0x0000020FCF9A0000-memory.dmp

Filesize
64KB

Download
memory/3952-17-0x0000020FCF9B0000-0x0000020FCF9C0000-memory.dmp

Filesize
64KB

Download
memory/3952-16-0x0000020FCF9A0000-0x0000020FCF9B0000-memory.dmp

Filesize
64KB

Download
memory/3952-23-0x0000020FCF9E0000-0x0000020FCF9F0000-memory.dmp

Filesize
64KB

Download
memory/3952-22-0x0000020FCF9D0000-0x0000020FCF9E0000-memory.dmp

Filesize
64KB

Download
memory/3952-21-0x0000020FCF9C0000-0x0000020FCF9D0000-memory.dmp

Filesize
64KB

Download
memory/3952-26-0x0000020FCF9F0000-0x0000020FCFA00000-memory.dmp

Filesize
64KB

Download
memory/3952-29-0x0000020FCFA10000-0x0000020FCFA20000-memory.dmp

Filesize
64KB

Download
memory/3952-28-0x0000020FCFA00000-0x0000020FCFA10000-memory.dmp

Filesize
64KB

Download
memory/3952-35-0x0000020FCFA20000-0x0000020FCFA30000-memory.dmp

Filesize
64KB

Download
memory/3952-37-0x0000020FCDE40000-0x0000020FCDE41000-memory.dmp

Filesize
4KB

Download
memory/3952-38-0x0000020FCFA30000-0x0000020FCFA40000-memory.dmp

Filesize
64KB

Download
memory/3952-43-0x0000020FCFA50000-0x0000020FCFA60000-memory.dmp

Filesize
64KB

Download
memory/3952-42-0x0000020FCFA40000-0x0000020FCFA50000-memory.dmp

Filesize
64KB

Download
memory/3952-46-0x0000020FCFA60000-0x0000020FCFA70000-memory.dmp

Filesize
64KB

Download
memory/3952-47-0x0000020FCFA70000-0x0000020FCFA80000-memory.dmp

Filesize
64KB

Download
memory/3952-56-0x0000020FCFAB0000-0x0000020FCFAC0000-memory.dmp

Filesize
64KB

Download
memory/3952-55-0x0000020FCF990000-0x0000020FCF9A0000-memory.dmp

Filesize
64KB

Download
memory/3952-54-0x0000020FCFA90000-0x0000020FCFAA0000-memory.dmp

Filesize
64KB

Download
memory/3952-53-0x0000020FCFAA0000-0x0000020FCFAB0000-memory.dmp

Filesize
64KB

Download
memory/3952-52-0x0000020FCFA80000-0x0000020FCFA90000-memory.dmp

Filesize
64KB

Download
memory/3952-51-0x0000020FCF720000-0x0000020FCF990000-memory.dmp

Filesize
2.4MB

Download
memory/3952-60-0x0000020FCF9A0000-0x0000020FCF9B0000-memory.dmp

Filesize
64KB

Download
memory/3952-61-0x0000020FCF9B0000-0x0000020FCF9C0000-memory.dmp

Filesize
64KB

Download
memory/3952-63-0x0000020FCF9C0000-0x0000020FCF9D0000-memory.dmp

Filesize
64KB

Download
memory/3952-65-0x0000020FCF9E0000-0x0000020FCF9F0000-memory.dmp

Filesize
64KB

Download
memory/3952-64-0x0000020FCF9D0000-0x0000020FCF9E0000-memory.dmp

Filesize
64KB

Download
memory/3952-66-0x0000020FCF9F0000-0x0000020FCFA00000-memory.dmp

Filesize
64KB

Download
memory/3952-67-0x0000020FCFA00000-0x0000020FCFA10000-memory.dmp

Filesize
64KB

Download
memory/3952-68-0x0000020FCFA10000-0x0000020FCFA20000-memory.dmp

Filesize
64KB

Download
memory/3952-69-0x0000020FCFA20000-0x0000020FCFA30000-memory.dmp

Filesize
64KB

Download
memory/3952-72-0x0000020FCFAC0000-0x0000020FCFAD0000-memory.dmp

Filesize
64KB

Download
memory/3952-71-0x0000020FCFA30000-0x0000020FCFA40000-memory.dmp

Filesize
64KB

Download
memory/3952-75-0x0000020FCFA50000-0x0000020FCFA60000-memory.dmp

Filesize
64KB

Download
memory/3952-74-0x0000020FCFA40000-0x0000020FCFA50000-memory.dmp

Filesize
64KB

Download
memory/3952-76-0x0000020FCFA60000-0x0000020FCFA70000-memory.dmp

Filesize
64KB

Download
memory/3952-77-0x0000020FCFAD0000-0x0000020FCFAE0000-memory.dmp

Filesize
64KB

Download
memory/3952-79-0x0000020FCFA70000-0x0000020FCFA80000-memory.dmp

Filesize
64KB

Download
memory/3952-81-0x0000020FCFAE0000-0x0000020FCFAF0000-memory.dmp

Filesize
64KB

Download
memory/3952-80-0x0000020FCFA80000-0x0000020FCFA90000-memory.dmp

Filesize
64KB

Download
memory/3952-85-0x0000020FCFB00000-0x0000020FCFB10000-memory.dmp

Filesize
64KB

Download
memory/3952-84-0x0000020FCFAF0000-0x0000020FCFB00000-memory.dmp

Filesize
64KB

Download
memory/3952-89-0x0000020FCFB10000-0x0000020FCFB20000-memory.dmp

Filesize
64KB

Download
memory/3952-88-0x0000020FCFAB0000-0x0000020FCFAC0000-memory.dmp

Filesize
64KB

Download
memory/3952-87-0x0000020FCFA90000-0x0000020FCFAA0000-memory.dmp

Filesize
64KB

Download
memory/3952-93-0x0000020FCFB30000-0x0000020FCFB40000-memory.dmp

Filesize
64KB

Download
memory/3952-91-0x0000020FCFB20000-0x0000020FCFB30000-memory.dmp

Filesize
64KB

Download
memory/3952-96-0x0000020FCFB40000-0x0000020FCFB50000-memory.dmp

Filesize
64KB

Download
memory/3952-97-0x0000020FCFB50000-0x0000020FCFB60000-memory.dmp

Filesize
64KB

Download
memory/3952-101-0x0000020FCFB60000-0x0000020FCFB70000-memory.dmp

Filesize
64KB

Download
memory/3952-100-0x0000020FCFB70000-0x0000020FCFB80000-memory.dmp

Filesize
64KB

Download
memory/3952-103-0x0000020FCFB80000-0x0000020FCFB90000-memory.dmp

Filesize
64KB

Download
memory/3952-108-0x0000020FCFBA0000-0x0000020FCFBB0000-memory.dmp

Filesize
64KB

Download
memory/3952-107-0x0000020FCFB90000-0x0000020FCFBA0000-memory.dmp

Filesize
64KB

Download
memory/3952-106-0x0000020FCFAC0000-0x0000020FCFAD0000-memory.dmp

Filesize
64KB

Download
memory/3952-111-0x0000020FCDE40000-0x0000020FCDE41000-memory.dmp

Filesize
4KB

Download
memory/3952-121-0x0000020FCDE40000-0x0000020FCDE41000-memory.dmp

Filesize
4KB

Download
memory/3952-125-0x0000020FCDE40000-0x0000020FCDE41000-memory.dmp

Filesize
4KB

Download
memory/3952-132-0x0000020FCFBB0000-0x0000020FCFBC0000-memory.dmp

Filesize
64KB

Download
memory/3952-131-0x0000020FCFAD0000-0x0000020FCFAE0000-memory.dmp

Filesize
64KB

Download
memory/3952-136-0x0000020FCFBC0000-0x0000020FCFBD0000-memory.dmp

Filesize
64KB

Download
memory/3952-138-0x0000020FCFB00000-0x0000020FCFB10000-memory.dmp

Filesize
64KB

Download
memory/3952-139-0x0000020FCFBD0000-0x0000020FCFBE0000-memory.dmp

Filesize
64KB

Download
memory/3952-137-0x0000020FCFAF0000-0x0000020FCFB00000-memory.dmp

Filesize
64KB

Download
memory/3952-135-0x0000020FCFAE0000-0x0000020FCFAF0000-memory.dmp

Filesize
64KB

Download
memory/3952-142-0x0000020FCFBE0000-0x0000020FCFBF0000-memory.dmp

Filesize
64KB

Download
memory/3952-141-0x0000020FCFB10000-0x0000020FCFB20000-memory.dmp

Filesize
64KB

Download
memory/3952-145-0x0000020FCFBF0000-0x0000020FCFC00000-memory.dmp

Filesize
64KB

Download
memory/3952-144-0x0000020FCFB20000-0x0000020FCFB30000-memory.dmp

Filesize
64KB

Download
memory/3952-147-0x0000020FCFB30000-0x0000020FCFB40000-memory.dmp

Filesize
64KB

Download
memory/3952-148-0x0000020FCFC00000-0x0000020FCFC10000-memory.dmp

Filesize
64KB

Download
memory/3952-151-0x0000020FCFB40000-0x0000020FCFB50000-memory.dmp

Filesize
64KB

Download
memory/3952-152-0x0000020FCFB50000-0x0000020FCFB60000-memory.dmp

Filesize
64KB

Download
memory/3952-154-0x0000020FCFC10000-0x0000020FCFC20000-memory.dmp

Filesize
64KB

Download
memory/3952-153-0x0000020FCFC20000-0x0000020FCFC30000-memory.dmp

Filesize
64KB

Download
memory/3952-158-0x0000020FCFC30000-0x0000020FCFC40000-memory.dmp

Filesize
64KB

Download
memory/3952-156-0x0000020FCFB70000-0x0000020FCFB80000-memory.dmp

Filesize
64KB

Download
memory/3952-157-0x0000020FCFB60000-0x0000020FCFB70000-memory.dmp

Filesize
64KB

Download
memory/3952-162-0x0000020FCDE40000-0x0000020FCDE41000-memory.dmp

Filesize
4KB

Download
memory/3952-168-0x0000020FCDE40000-0x0000020FCDE41000-memory.dmp

Filesize
4KB

Download
memory/3952-177-0x0000020FCDE40000-0x0000020FCDE41000-memory.dmp

Filesize
4KB

Download
memory/3952-183-0x0000020FCFC40000-0x0000020FCFC50000-memory.dmp

Filesize
64KB

Download
memory/3952-182-0x0000020FCFB80000-0x0000020FCFB90000-memory.dmp

Filesize
64KB

Download
memory/3952-188-0x0000020FCFC50000-0x0000020FCFC60000-memory.dmp

Filesize
64KB

Download
memory/3952-187-0x0000020FCFBA0000-0x0000020FCFBB0000-memory.dmp

Filesize
64KB

Download
memory/3952-186-0x0000020FCFB90000-0x0000020FCFBA0000-memory.dmp

Filesize
64KB

Download
memory/3952-192-0x0000020FCFC60000-0x0000020FCFC70000-memory.dmp

Filesize
64KB

Download
memory/3952-191-0x0000020FCFBB0000-0x0000020FCFBC0000-memory.dmp

Filesize
64KB

Download
memory/3952-197-0x0000020FCFC70000-0x0000020FCFC80000-memory.dmp

Filesize
64KB

Download
memory/3952-196-0x0000020FCFBC0000-0x0000020FCFBD0000-memory.dmp

Filesize
64KB

Download
memory/3952-202-0x0000020FCFBD0000-0x0000020FCFBE0000-memory.dmp

Filesize
64KB

Download
memory/3952-203-0x0000020FCFC80000-0x0000020FCFC90000-memory.dmp

Filesize
64KB

Download
memory/3952-207-0x0000020FCFCA0000-0x0000020FCFCB0000-memory.dmp

Filesize
64KB

Download
memory/3952-206-0x0000020FCFC90000-0x0000020FCFCA0000-memory.dmp

Filesize
64KB

Download
memory/3952-205-0x0000020FCFBE0000-0x0000020FCFBF0000-memory.dmp

Filesize
64KB

Download
memory/3952-212-0x0000020FCFCB0000-0x0000020FCFCC0000-memory.dmp

Filesize
64KB

Download
memory/3952-211-0x0000020FCFBF0000-0x0000020FCFC00000-memory.dmp

Filesize
64KB

Download
memory/3952-213-0x0000020FCFC00000-0x0000020FCFC10000-memory.dmp

Filesize
64KB

Download
memory/3952-214-0x0000020FCFC20000-0x0000020FCFC30000-memory.dmp

Filesize
64KB

Download
memory/3952-215-0x0000020FCFC10000-0x0000020FCFC20000-memory.dmp

Filesize
64KB

Download
memory/3952-216-0x0000020FCFC30000-0x0000020FCFC40000-memory.dmp

Filesize
64KB

Download
memory/3952-217-0x0000020FCFC40000-0x0000020FCFC50000-memory.dmp

Filesize
64KB

Download
memory/3952-239-0x0000020FCDE40000-0x0000020FCDE41000-memory.dmp

Filesize
4KB

Download