561ac9394509138348480e01174b172865a62e459b513eaf563e56383f6245d2

Analysis

max time kernel
308s
max time network
402s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-06-2024 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jre/lib/ext/nashorn.jar
Size

1.9MB
MD5

f3e3e7769994c69dff6e35ef938443ca
SHA1

758f42c0a03121ad980dc98be82dcaf790679e79
SHA256

cf0268ff39d19876bd42bf59e2ce93bb9aa57e5ee98c212bae0184bd87f2d35a
SHA512

ab4801e8538b9b84124d2b8c36e64232f16da686c5fa565c5de2091c910806a850464f5ccc79c9320df6f8cb943633fc38fea63f9e0593a44e3541f15f126951
SSDEEP

49152:fBkB7GOrPDSz0fHaIU1KDWtHkLs0amlyYu:fBkoOruSHa/4y/FmA

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4844 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 2384 wrote to memory of 4844 2384 java.exe icacls.exe
PID 2384 wrote to memory of 4844 2384 java.exe icacls.exe

pid	process
4844	icacls.exe

description	pid	process	target process
PID 2384 wrote to memory of 4844	2384	java.exe	icacls.exe
PID 2384 wrote to memory of 4844	2384	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\jre\lib\ext\nashorn.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2384

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:4844

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
66dc520b0e7d200e26bd500e403f2396

SHA1
d6d964d492e53675158522540a20f172fb8dda99

SHA256
ce3ef3bc2bccb297f50882b5a02ff859a4fe205be1cdbbd3ce56a1f04d4ce3d9

SHA512
de29cc0b2b74c71cc83b9bd8ec968b78d0160391040d71f128eaecd2db7ec10e1a60b2e416898609463e195829e8a42e7dc1d41423fefe183849b2a1fcf3dc2c

Download Submit
memory/2384-34-0x000002D4319F0000-0x000002D431A00000-memory.dmp

Filesize
64KB

Download
memory/2384-47-0x000002D4319E0000-0x000002D4319F0000-memory.dmp

Filesize
64KB

Download
memory/2384-14-0x000002D431960000-0x000002D431970000-memory.dmp

Filesize
64KB

Download
memory/2384-17-0x000002D431970000-0x000002D431980000-memory.dmp

Filesize
64KB

Download
memory/2384-18-0x000002D431980000-0x000002D431990000-memory.dmp

Filesize
64KB

Download
memory/2384-21-0x000002D431990000-0x000002D4319A0000-memory.dmp

Filesize
64KB

Download
memory/2384-22-0x000002D4319A0000-0x000002D4319B0000-memory.dmp

Filesize
64KB

Download
memory/2384-30-0x000002D4319D0000-0x000002D4319E0000-memory.dmp

Filesize
64KB

Download
memory/2384-29-0x000002D4319E0000-0x000002D4319F0000-memory.dmp

Filesize
64KB

Download
memory/2384-28-0x000002D4319C0000-0x000002D4319D0000-memory.dmp

Filesize
64KB

Download
memory/2384-48-0x000002D4319D0000-0x000002D4319E0000-memory.dmp

Filesize
64KB

Download
memory/2384-12-0x000002D42FE30000-0x000002D42FE31000-memory.dmp

Filesize
4KB

Download
memory/2384-35-0x000002D4316F0000-0x000002D431960000-memory.dmp

Filesize
2.4MB

Download
memory/2384-36-0x000002D431A00000-0x000002D431A10000-memory.dmp

Filesize
64KB

Download
memory/2384-37-0x000002D431A10000-0x000002D431A20000-memory.dmp

Filesize
64KB

Download
memory/2384-40-0x000002D431960000-0x000002D431970000-memory.dmp

Filesize
64KB

Download
memory/2384-41-0x000002D431970000-0x000002D431980000-memory.dmp

Filesize
64KB

Download
memory/2384-42-0x000002D431980000-0x000002D431990000-memory.dmp

Filesize
64KB

Download
memory/2384-43-0x000002D431990000-0x000002D4319A0000-memory.dmp

Filesize
64KB

Download
memory/2384-44-0x000002D4319A0000-0x000002D4319B0000-memory.dmp

Filesize
64KB

Download
memory/2384-45-0x000002D4319B0000-0x000002D4319C0000-memory.dmp

Filesize
64KB

Download
memory/2384-2-0x000002D4316F0000-0x000002D431960000-memory.dmp

Filesize
2.4MB

Download
memory/2384-46-0x000002D4319C0000-0x000002D4319D0000-memory.dmp

Filesize
64KB

Download
memory/2384-27-0x000002D4319B0000-0x000002D4319C0000-memory.dmp

Filesize
64KB

Download