f7e8e9920bdc9564f53e75df642512428421e82e489cd2ab212e6b74f498b5e4

Analysis

max time kernel
134s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

skib.jar
Size

639KB
MD5

91c2dcaec167c90b1862a5396ff48980
SHA1

6ff25b0a80cc09f4642f0aa3c2cc59f993595efd
SHA256

f7e8e9920bdc9564f53e75df642512428421e82e489cd2ab212e6b74f498b5e4
SHA512

3b115de549ea5f5c3187a5773e809104eb7a16be6ab0f53106188e28fcdd483bf1142a1b9e34b5b39680235eaa6273f096520e554b539a2c6ced40c6cdece23e
SSDEEP

12288:57xuQk/c2ETin4LCEaZXgo/dRz+xwGNmpBg0F+RaT3yug2hoSr3DAb:57EQAgTq4uXXgoH2Rmp+Kjyuthzr3DAb

Score

7^/10

discovery persistence

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4900 icacls.exe

pid	process
4900	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1719761874582.tmp"	reg.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

java.exe

pid process

1628 java.exe

pid	process
1628	java.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

java.execmd.exe

description	pid	process	target process
PID 1628 wrote to memory of 4900	1628	java.exe	icacls.exe
PID 1628 wrote to memory of 4900	1628	java.exe	icacls.exe
PID 1628 wrote to memory of 1468	1628	java.exe	attrib.exe
PID 1628 wrote to memory of 1468	1628	java.exe	attrib.exe
PID 1628 wrote to memory of 5004	1628	java.exe	cmd.exe
PID 1628 wrote to memory of 5004	1628	java.exe	cmd.exe
PID 5004 wrote to memory of 5044	5004	cmd.exe	reg.exe
PID 5004 wrote to memory of 5044	5004	cmd.exe	reg.exe

Views/modifies file attributes 1 TTPs 1 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exe

pid process

1468 attrib.exe

pid	process
1468	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\skib.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:4900

C:\Windows\SYSTEM32\attrib.exe
attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1719761874582.tmp
2⤵
- Views/modifies file attributes
PID:1468

C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1719761874582.tmp" /f"
2⤵
- Suspicious use of WriteProcessMemory
PID:5004

C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1719761874582.tmp" /f
3⤵
- Adds Run key to start application
PID:5044

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
c0a1e741032c4db6f7fa88d009a280f8

SHA1
a20e2584db8fdf5bb4727778298886a62f8bd54f

SHA256
04a168a9df94365830f5951fba971086a857ebe16b1eeeb8c5d6e20819c4dc1a

SHA512
f2d1866afd6fd91428b8f94ce64cc8272e0d62f80766122a1bc955be8fb5b3710552be5519815e6b367c51815e536910c377bd1580a42acae608104e6847ebd1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1719761874582.tmp
Filesize
639KB

MD5
91c2dcaec167c90b1862a5396ff48980

SHA1
6ff25b0a80cc09f4642f0aa3c2cc59f993595efd

SHA256
f7e8e9920bdc9564f53e75df642512428421e82e489cd2ab212e6b74f498b5e4

SHA512
3b115de549ea5f5c3187a5773e809104eb7a16be6ab0f53106188e28fcdd483bf1142a1b9e34b5b39680235eaa6273f096520e554b539a2c6ced40c6cdece23e

Download Submit
memory/1628-2-0x0000029100000000-0x0000029100270000-memory.dmp

Filesize
2.4MB

Download
memory/1628-17-0x0000029100270000-0x0000029100280000-memory.dmp

Filesize
64KB

Download
memory/1628-18-0x0000029100280000-0x0000029100290000-memory.dmp

Filesize
64KB

Download
memory/1628-21-0x0000029100290000-0x00000291002A0000-memory.dmp

Filesize
64KB

Download
memory/1628-25-0x00000291002B0000-0x00000291002C0000-memory.dmp

Filesize
64KB

Download
memory/1628-24-0x00000291002A0000-0x00000291002B0000-memory.dmp

Filesize
64KB

Download
memory/1628-26-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-27-0x00000291002C0000-0x00000291002D0000-memory.dmp

Filesize
64KB

Download
memory/1628-29-0x00000291002D0000-0x00000291002E0000-memory.dmp

Filesize
64KB

Download
memory/1628-31-0x00000291002E0000-0x00000291002F0000-memory.dmp

Filesize
64KB

Download
memory/1628-36-0x00000291002F0000-0x0000029100300000-memory.dmp

Filesize
64KB

Download
memory/1628-40-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-45-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-46-0x0000029100000000-0x0000029100270000-memory.dmp

Filesize
2.4MB

Download
memory/1628-47-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-48-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-52-0x0000029100270000-0x0000029100280000-memory.dmp

Filesize
64KB

Download
memory/1628-53-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-55-0x0000029100300000-0x0000029100310000-memory.dmp

Filesize
64KB

Download
memory/1628-54-0x0000029100280000-0x0000029100290000-memory.dmp

Filesize
64KB

Download
memory/1628-59-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-60-0x0000029100290000-0x00000291002A0000-memory.dmp

Filesize
64KB

Download
memory/1628-62-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-66-0x00000291002A0000-0x00000291002B0000-memory.dmp

Filesize
64KB

Download
memory/1628-67-0x00000291002B0000-0x00000291002C0000-memory.dmp

Filesize
64KB

Download
memory/1628-69-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-72-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-73-0x00000291002C0000-0x00000291002D0000-memory.dmp

Filesize
64KB

Download
memory/1628-74-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-75-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-78-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-79-0x00000291002D0000-0x00000291002E0000-memory.dmp

Filesize
64KB

Download
memory/1628-80-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-85-0x00000291002E0000-0x00000291002F0000-memory.dmp

Filesize
64KB

Download
memory/1628-87-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-91-0x00000291002F0000-0x0000029100300000-memory.dmp

Filesize
64KB

Download
memory/1628-93-0x000002917D8E0000-0x000002917D8E1000-memory.dmp

Filesize
4KB

Download
memory/1628-105-0x0000029100300000-0x0000029100310000-memory.dmp

Filesize
64KB

Download
memory/1628-106-0x0000029100310000-0x0000029100320000-memory.dmp

Filesize
64KB

Download
memory/1628-137-0x0000029100000000-0x0000029100270000-memory.dmp

Filesize
2.4MB

Download
memory/1628-148-0x0000029100310000-0x0000029100320000-memory.dmp

Filesize
64KB

Download
memory/1628-147-0x0000029100300000-0x0000029100310000-memory.dmp

Filesize
64KB

Download
memory/1628-146-0x00000291002F0000-0x0000029100300000-memory.dmp

Filesize
64KB

Download
memory/1628-145-0x00000291002E0000-0x00000291002F0000-memory.dmp

Filesize
64KB

Download
memory/1628-144-0x00000291002D0000-0x00000291002E0000-memory.dmp

Filesize
64KB

Download
memory/1628-143-0x00000291002C0000-0x00000291002D0000-memory.dmp

Filesize
64KB

Download
memory/1628-142-0x00000291002B0000-0x00000291002C0000-memory.dmp

Filesize
64KB

Download
memory/1628-141-0x00000291002A0000-0x00000291002B0000-memory.dmp

Filesize
64KB

Download
memory/1628-140-0x0000029100290000-0x00000291002A0000-memory.dmp

Filesize
64KB

Download
memory/1628-139-0x0000029100280000-0x0000029100290000-memory.dmp

Filesize
64KB

Download
memory/1628-138-0x0000029100270000-0x0000029100280000-memory.dmp

Filesize
64KB

Download