Overview

overview

10

Static

static

3

CrystalDec...ed.dll

windows10-1703-x64

1

KFlauncher.exe

windows10-1703-x64

10

PROPAMAT/A...rk.dll

windows10-1703-x64

1

PROPAMAT/C...et.dll

windows10-1703-x64

1

PROPAMAT/C...ne.dll

windows10-1703-x64

1

PROPAMAT/C...ce.dll

windows10-1703-x64

1

PROPAMAT/C...ms.dll

windows10-1703-x64

1

PROPAMAT/E_Mail.dll

windows10-1703-x64

1

PROPAMAT/E_Net.dll

windows10-1703-x64

1

PROPAMAT/FlDTE.dll

windows10-1703-x64

1

PROPAMAT/F...on.dll

windows10-1703-x64

1

PROPAMAT/F...on.dll

windows10-1703-x64

1

PROPAMAT/F...PE.dll

windows10-1703-x64

1

PROPAMAT/F...es.dll

windows10-1703-x64

1

PROPAMAT/F...PE.dll

windows10-1703-x64

1

PROPAMAT/F...nt.dll

windows10-1703-x64

1

PROPAMAT/F...rk.dll

windows10-1703-x64

1

jre/lib/ex...rn.jar

windows10-1703-x64

7

jre/lib/ext/sunec.jar

windows10-1703-x64

7

jre/lib/ex...er.jar

windows10-1703-x64

7

jre/lib/ex...11.jar

windows10-1703-x64

7

jre/lib/javaws.jar

windows10-1703-x64

7

jre/lib/jce.jar

windows10-1703-x64

7

jre/lib/jfr.jar

windows10-1703-x64

7

jre/lib/jfxswt.jar

windows10-1703-x64

7

jre/lib/jsse.jar

windows10-1703-x64

7

jre/lib/ma...nt.jar

windows10-1703-x64

7

jre/lib/plugin.jar

windows10-1703-x64

7

jre/lib/resources.jar

windows10-1703-x64

7

jre/lib/rt.jar

windows10-1703-x64

7

jre/lib/se...cy.jar

windows10-1703-x64

7

jre/lib/se...cy.jar

windows10-1703-x64

7

Analysis

  • max time kernel
    515s
  • max time network
    522s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30-06-2024 18:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jre/lib/security/US_export_policy.jar

  • Size

    2KB

  • MD5

    ee4ed9c75a1aaa04dfd192382c57900c

  • SHA1

    7d69ea3b385bc067738520f1b5c549e1084be285

  • SHA256

    90012f900cf749a0e52a0775966ef575d390ad46388c49d512838983a554a870

  • SHA512

    eae6a23d2fd7002a55465844e662d7a5e3ed5a6a8baf7317897e59a92a4b806dd26f2a19b7c05984745050b4fe3ffa30646a19c0f08451440e415f958204137c

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\jre\lib\security\US_export_policy.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2152

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    cf8ce2d863164471feef5645aa4fb8f7

    SHA1

    843b11f014c35321d138fa28a3a90b94e8d26cb3

    SHA256

    65034b927d6573f05f2f76ed8cffbd69e3df331c507510ab149287ef958ee954

    SHA512

    7e64f5b6786884811572b413c3fa470b448b09351ff364584590db5b0b2f4fc9d2ce8f774ed44d03b8b7c7261cd1cb247d1a7d7aa0d8828c3ef0225fd36c8b8f

    Download Submit
  • memory/2764-2-0x000001F3F04D0000-0x000001F3F0740000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/2764-12-0x000001F3F04B0000-0x000001F3F04B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2764-13-0x000001F3F04D0000-0x000001F3F0740000-memory.dmp
    Filesize

    2.4MB

    Download