Overview

overview

10

Static

static

3

CrystalDec...ed.dll

windows10-1703-x64

1

KFlauncher.exe

windows10-1703-x64

10

PROPAMAT/A...rk.dll

windows10-1703-x64

1

PROPAMAT/C...et.dll

windows10-1703-x64

1

PROPAMAT/C...ne.dll

windows10-1703-x64

1

PROPAMAT/C...ce.dll

windows10-1703-x64

1

PROPAMAT/C...ms.dll

windows10-1703-x64

1

PROPAMAT/E_Mail.dll

windows10-1703-x64

1

PROPAMAT/E_Net.dll

windows10-1703-x64

1

PROPAMAT/FlDTE.dll

windows10-1703-x64

1

PROPAMAT/F...on.dll

windows10-1703-x64

1

PROPAMAT/F...on.dll

windows10-1703-x64

1

PROPAMAT/F...PE.dll

windows10-1703-x64

1

PROPAMAT/F...es.dll

windows10-1703-x64

1

PROPAMAT/F...PE.dll

windows10-1703-x64

1

PROPAMAT/F...nt.dll

windows10-1703-x64

1

PROPAMAT/F...rk.dll

windows10-1703-x64

1

jre/lib/ex...rn.jar

windows10-1703-x64

7

jre/lib/ext/sunec.jar

windows10-1703-x64

7

jre/lib/ex...er.jar

windows10-1703-x64

7

jre/lib/ex...11.jar

windows10-1703-x64

7

jre/lib/javaws.jar

windows10-1703-x64

7

jre/lib/jce.jar

windows10-1703-x64

7

jre/lib/jfr.jar

windows10-1703-x64

7

jre/lib/jfxswt.jar

windows10-1703-x64

7

jre/lib/jsse.jar

windows10-1703-x64

7

jre/lib/ma...nt.jar

windows10-1703-x64

7

jre/lib/plugin.jar

windows10-1703-x64

7

jre/lib/resources.jar

windows10-1703-x64

7

jre/lib/rt.jar

windows10-1703-x64

7

jre/lib/se...cy.jar

windows10-1703-x64

7

jre/lib/se...cy.jar

windows10-1703-x64

7

Analysis

  • max time kernel
    309s
  • max time network
    390s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30-06-2024 18:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jre/lib/ext/sunjce_provider.jar

  • Size

    272KB

  • MD5

    b04074a9fc78dc1409168e1e2d139647

  • SHA1

    54182c904a48364fc572e3a2631df14823c29cef

  • SHA256

    bfad3fb11e7115aaf34719488551bf3205b2faffb38681c7f6bdad19bb7568c2

  • SHA512

    e97ca3d53e867e957bf467688f83c53b2fd6ff1ea001b19f03a23096581dc8adcec7c1403d164d063b1a437e4bf6fa98e1543626849d4e17e31156cb012f9599

  • SSDEEP

    3072:E/Ieog0SgEOU8pqHbQpr16jWun5bT1aReAaTFMzpx2Xcpll+PrA3YaRBlLi:E/m9eJsppCLJTURe9TFMrQ0fkUK

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\jre\lib\ext\sunjce_provider.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4964

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    ef05ce33c560fefeb4b32fa362aa94cf

    SHA1

    415b86290769724bda5281b86bc377c32f99108b

    SHA256

    3cb9c72873bbd509d9022139a117fca2de3bfce3fec498128eb0018622677751

    SHA512

    b0a1ab23d8ab9af7b6a28a7093e317ae673116f5d1168d37ebc5427aabd982b20effbcf3975393989010522f177366e505af55bbca8e662d9e61be8a60dadb50

    Download Submit
  • memory/5076-2-0x000001633CE80000-0x000001633D0F0000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/5076-12-0x000001633CE60000-0x000001633CE61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5076-13-0x000001633CE80000-0x000001633D0F0000-memory.dmp
    Filesize

    2.4MB

    Download