Overview

overview

10

Static

static

3

CrystalDec...ed.dll

windows10-1703-x64

1

KFlauncher.exe

windows10-1703-x64

10

PROPAMAT/A...rk.dll

windows10-1703-x64

1

PROPAMAT/C...et.dll

windows10-1703-x64

1

PROPAMAT/C...ne.dll

windows10-1703-x64

1

PROPAMAT/C...ce.dll

windows10-1703-x64

1

PROPAMAT/C...ms.dll

windows10-1703-x64

1

PROPAMAT/E_Mail.dll

windows10-1703-x64

1

PROPAMAT/E_Net.dll

windows10-1703-x64

1

PROPAMAT/FlDTE.dll

windows10-1703-x64

1

PROPAMAT/F...on.dll

windows10-1703-x64

1

PROPAMAT/F...on.dll

windows10-1703-x64

1

PROPAMAT/F...PE.dll

windows10-1703-x64

1

PROPAMAT/F...es.dll

windows10-1703-x64

1

PROPAMAT/F...PE.dll

windows10-1703-x64

1

PROPAMAT/F...nt.dll

windows10-1703-x64

1

PROPAMAT/F...rk.dll

windows10-1703-x64

1

jre/lib/ex...rn.jar

windows10-1703-x64

7

jre/lib/ext/sunec.jar

windows10-1703-x64

7

jre/lib/ex...er.jar

windows10-1703-x64

7

jre/lib/ex...11.jar

windows10-1703-x64

7

jre/lib/javaws.jar

windows10-1703-x64

7

jre/lib/jce.jar

windows10-1703-x64

7

jre/lib/jfr.jar

windows10-1703-x64

7

jre/lib/jfxswt.jar

windows10-1703-x64

7

jre/lib/jsse.jar

windows10-1703-x64

7

jre/lib/ma...nt.jar

windows10-1703-x64

7

jre/lib/plugin.jar

windows10-1703-x64

7

jre/lib/resources.jar

windows10-1703-x64

7

jre/lib/rt.jar

windows10-1703-x64

7

jre/lib/se...cy.jar

windows10-1703-x64

7

jre/lib/se...cy.jar

windows10-1703-x64

7

Analysis

  • max time kernel
    310s
  • max time network
    397s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30-06-2024 18:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jre/lib/rt.jar

  • Size

    60.7MB

  • MD5

    edb5b5b3ef4565e4e86bffe647fb1aa2

  • SHA1

    11f5b1b2d729309059b1bd1fe2922251d9451d5f

  • SHA256

    d00351bd39de7dbf9e9fdbb9ee1fd82189189f9bc82e988b58e1e950d1d4bdc8

  • SHA512

    05e7f9ed915610b70664eb7cb68f3f0bba5bd5cf208bbdb54007da5ff6311a6ddbbf057e0df5a346c9042333c29e5c766b2c0a686628f8655c2e75061a9179c1

  • SSDEEP

    786432:WyfysbZyGp7g85KKwcl0HeJgyll3LTjjA:F0GZTjjA

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\jre\lib\rt.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1788
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3160

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    64aa39435d2bc3690e3d8ef1f203f7e8

    SHA1

    64669b462e919bed969a62025da865fd220ec8b3

    SHA256

    02a0b45df35efac19944a93116c93ce5feeff27bfd6846823b0a6aebe362ddca

    SHA512

    d0d266bff6b3c2a04160102f799d062380cccc1c6da97cb0681899f456bd1e8b69d82c14f908d07c45b35d859156be70ecbc4e077bc135e3c24616cdbc2bcac0

    Download Submit
  • memory/1788-2-0x000001B3D3020000-0x000001B3D3290000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/1788-12-0x000001B3D17A0000-0x000001B3D17A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1788-13-0x000001B3D3020000-0x000001B3D3290000-memory.dmp
    Filesize

    2.4MB

    Download