561ac9394509138348480e01174b172865a62e459b513eaf563e56383f6245d2

Analysis

max time kernel
278s
max time network
623s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
30-06-2024 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jre/lib/plugin.jar
Size

988KB
MD5

54ef6c22faaae5850091031763078d37
SHA1

11d40b78bb606e245cb5e17c6ddb08193a34b40e
SHA256

654b033b1dc315eb9806f0d35abaf3f25064ac806292acb2bd818f6b2df2ad07
SHA512

10998b6508d5571e1ece2001c6e561169d3dbd7580a3de439067d1195fbe85e6bd1729a0874e306234391af963e1b062050276e1ac0e9c9fa289711738b41b31
SSDEEP

24576:q7jNpf26MPAMSL/wxSz2ijt2eejo+oV3vv:6NVZEaL4xSljt2eHNV3

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4784 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 4640 wrote to memory of 4784 4640 java.exe icacls.exe
PID 4640 wrote to memory of 4784 4640 java.exe icacls.exe

pid	process
4784	icacls.exe

description	pid	process	target process
PID 4640 wrote to memory of 4784	4640	java.exe	icacls.exe
PID 4640 wrote to memory of 4784	4640	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\jre\lib\plugin.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4640

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:4784

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
9a883d66da86ece914c80649b9cef975

SHA1
a2fca14476ee34adb9a194a7671e82b2314a9854

SHA256
21e410336e77dc6d633ac53ad9f36ea4f83929ef66301db43d404aa8592327c1

SHA512
0a0e95a9308182c41b50b998e6404b08fe35cdd6114787e2e4ad073c4c34b9b45b883a02905dd28c515fc979389351cb3f0e080fa7a1c8158b9c8bc60e5c4258

Download Submit
memory/4640-2-0x0000025F47DE0000-0x0000025F48050000-memory.dmp

Filesize
2.4MB

Download
memory/4640-12-0x0000025F47DC0000-0x0000025F47DC1000-memory.dmp

Filesize
4KB

Download
memory/4640-14-0x0000025F47DE0000-0x0000025F48050000-memory.dmp

Filesize
2.4MB

Download