Overview

overview

10

Static

static

3

CrystalDec...ed.dll

windows10-1703-x64

1

KFlauncher.exe

windows10-1703-x64

10

PROPAMAT/A...rk.dll

windows10-1703-x64

1

PROPAMAT/C...et.dll

windows10-1703-x64

1

PROPAMAT/C...ne.dll

windows10-1703-x64

1

PROPAMAT/C...ce.dll

windows10-1703-x64

1

PROPAMAT/C...ms.dll

windows10-1703-x64

1

PROPAMAT/E_Mail.dll

windows10-1703-x64

1

PROPAMAT/E_Net.dll

windows10-1703-x64

1

PROPAMAT/FlDTE.dll

windows10-1703-x64

1

PROPAMAT/F...on.dll

windows10-1703-x64

1

PROPAMAT/F...on.dll

windows10-1703-x64

1

PROPAMAT/F...PE.dll

windows10-1703-x64

1

PROPAMAT/F...es.dll

windows10-1703-x64

1

PROPAMAT/F...PE.dll

windows10-1703-x64

1

PROPAMAT/F...nt.dll

windows10-1703-x64

1

PROPAMAT/F...rk.dll

windows10-1703-x64

1

jre/lib/ex...rn.jar

windows10-1703-x64

7

jre/lib/ext/sunec.jar

windows10-1703-x64

7

jre/lib/ex...er.jar

windows10-1703-x64

7

jre/lib/ex...11.jar

windows10-1703-x64

7

jre/lib/javaws.jar

windows10-1703-x64

7

jre/lib/jce.jar

windows10-1703-x64

7

jre/lib/jfr.jar

windows10-1703-x64

7

jre/lib/jfxswt.jar

windows10-1703-x64

7

jre/lib/jsse.jar

windows10-1703-x64

7

jre/lib/ma...nt.jar

windows10-1703-x64

7

jre/lib/plugin.jar

windows10-1703-x64

7

jre/lib/resources.jar

windows10-1703-x64

7

jre/lib/rt.jar

windows10-1703-x64

7

jre/lib/se...cy.jar

windows10-1703-x64

7

jre/lib/se...cy.jar

windows10-1703-x64

7

Analysis

  • max time kernel
    308s
  • max time network
    396s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30-06-2024 18:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jre/lib/jfr.jar

  • Size

    547KB

  • MD5

    ccb395235c35c3acba592b21138cc6ab

  • SHA1

    29c463aa4780f13e77fb08cc151f68ca2b2958d5

  • SHA256

    27ad8ea5192ee2d91ba7a0eace9843cb19f5e145259466158c2f48c971eb7b8f

  • SHA512

    d4c330741387f62dd6e52b41167cb11abd8615675fe7e1c14ae05a52f87a348cbc64b56866ae313b2906b33ce98be73681f769a4a54f6fe9a7d056f88cf9a4e1

  • SSDEEP

    12288:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f/m5NwaHkSIJHvWQ6Q7ooMcgH5lY7TQ5cD:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f3

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\jre\lib\jfr.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4672
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:1768

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    a9bd0db325fc6e49cbff6d2bacc18fed

    SHA1

    60a60632c87cef12d43f42f976747471ffcc336e

    SHA256

    27ce321d60b61a18215e5915ec9705c5ce312b2cb3bb5381c053d04541b5e7a9

    SHA512

    b730bcd6cd35847304fb80910ac063f6efe73012314e2ef967bc434d3b5dbdeed1a32302a8db00bad686ea07e7f5f2de08c9460199a93e2f4c6fd06f85655aef

    Download Submit
  • memory/4672-2-0x00000191A6530000-0x00000191A67A0000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/4672-12-0x00000191A6510000-0x00000191A6511000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4672-13-0x00000191A6530000-0x00000191A67A0000-memory.dmp
    Filesize

    2.4MB

    Download