99369a9b242918bb894783f709c523cc38845251581fc328168cbcae0803fc44

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d973610e8b55146759ae1b8cea3dcd9c.exe
Size

4.4MB
MD5

d973610e8b55146759ae1b8cea3dcd9c
SHA1

2e07ec8fb61f9dd14a174ca1bfe5f402fedc094f
SHA256

99369a9b242918bb894783f709c523cc38845251581fc328168cbcae0803fc44
SHA512

17b4e7719311a8801802eff05b6534afdce29a74f8f6974dd77aeb9b483efe9ffdcc6591362c017513d01e5c0dfd9d16ec7e9f9c97f9a18f4abc84b9873f77da
SSDEEP

98304:pQfU48WhP2ncbEzoXw0kyIG5DcITcAMajj/urVA:pYbhP2ncFg0kyIGZTczajDuri

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4892 icacls.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

javaw.exe

pid process

2220 javaw.exe
2220 javaw.exe
2220 javaw.exe
2220 javaw.exe

pid	process
4892	icacls.exe

pid	process
2220	javaw.exe
2220	javaw.exe
2220	javaw.exe
2220	javaw.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

d973610e8b55146759ae1b8cea3dcd9c.exejavaw.exe

description	pid	process	target process
PID 4444 wrote to memory of 2220	4444	d973610e8b55146759ae1b8cea3dcd9c.exe	javaw.exe
PID 4444 wrote to memory of 2220	4444	d973610e8b55146759ae1b8cea3dcd9c.exe	javaw.exe
PID 2220 wrote to memory of 4892	2220	javaw.exe	icacls.exe
PID 2220 wrote to memory of 4892	2220	javaw.exe	icacls.exe

C:\Users\Admin\AppData\Local\Temp\d973610e8b55146759ae1b8cea3dcd9c.exe
"C:\Users\Admin\AppData\Local\Temp\d973610e8b55146759ae1b8cea3dcd9c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4444

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xms256m -Xmx512m -jar "C:\Users\Admin\AppData\Local\Temp\d973610e8b55146759ae1b8cea3dcd9c.exe"
2⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
3⤵
- Modifies file permissions
PID:4892

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
5f81ffa62d7de9371a295f4770a3a988

SHA1
76c0dfbdfdfc450ac76742957c374249640793fd

SHA256
56066d8c8fbec0990adf6eb095b8dcb7f5fc48d3ad2680907f6a022a5798bce1

SHA512
3257eff5e5036b5b2073c6371e2b8fffac282318fbb8d4a47d06ec1a49c44e2d3f4951a33833fd897bbd20e13b43d0e9158c7cd213ede960e4064e7eae793f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio1897815230581559106.tmp
Filesize
344B

MD5
d141cc8e71a3351f1aacb88a74b45fa4

SHA1
323cb27d8b7772b4b928a00706d4efe3b1104f52

SHA256
2788675e062e1111ead50a9a05971a7c11fe6246a89f571cf9f59ed68c72bb17

SHA512
315dfcf01f450b907f2cdfc9661db728789ec2440dd6985d914d024bd3c0798e602f7e230e60a8ffee8f39c95de68477d3b4def580a292e263d48bc23babae09

Download Submit
memory/2220-3-0x000002A056570000-0x000002A0567E0000-memory.dmp

Filesize
2.4MB

Download
memory/2220-13-0x000002A056550000-0x000002A056551000-memory.dmp

Filesize
4KB

Download
memory/2220-16-0x000002A0567E0000-0x000002A0567F0000-memory.dmp

Filesize
64KB

Download
memory/2220-18-0x000002A0567F0000-0x000002A056800000-memory.dmp

Filesize
64KB

Download
memory/2220-19-0x000002A056800000-0x000002A056810000-memory.dmp

Filesize
64KB

Download
memory/2220-21-0x000002A056810000-0x000002A056820000-memory.dmp

Filesize
64KB

Download
memory/2220-25-0x000002A056830000-0x000002A056840000-memory.dmp

Filesize
64KB

Download
memory/2220-24-0x000002A056820000-0x000002A056830000-memory.dmp

Filesize
64KB

Download
memory/2220-27-0x000002A056840000-0x000002A056850000-memory.dmp

Filesize
64KB

Download
memory/2220-29-0x000002A056850000-0x000002A056860000-memory.dmp

Filesize
64KB

Download
memory/2220-32-0x000002A056570000-0x000002A0567E0000-memory.dmp

Filesize
2.4MB

Download
memory/2220-33-0x000002A0567E0000-0x000002A0567F0000-memory.dmp

Filesize
64KB

Download
memory/2220-36-0x000002A056800000-0x000002A056810000-memory.dmp

Filesize
64KB

Download
memory/2220-35-0x000002A0567F0000-0x000002A056800000-memory.dmp

Filesize
64KB

Download
memory/2220-37-0x000002A056860000-0x000002A056870000-memory.dmp

Filesize
64KB

Download
memory/2220-41-0x000002A056550000-0x000002A056551000-memory.dmp

Filesize
4KB

Download
memory/2220-44-0x000002A056550000-0x000002A056551000-memory.dmp

Filesize
4KB

Download
memory/2220-46-0x000002A056810000-0x000002A056820000-memory.dmp

Filesize
64KB

Download
memory/2220-47-0x000002A056870000-0x000002A056880000-memory.dmp

Filesize
64KB

Download
memory/2220-51-0x000002A056830000-0x000002A056840000-memory.dmp

Filesize
64KB

Download
memory/2220-50-0x000002A056820000-0x000002A056830000-memory.dmp

Filesize
64KB

Download
memory/2220-52-0x000002A056840000-0x000002A056850000-memory.dmp

Filesize
64KB

Download
memory/2220-53-0x000002A056850000-0x000002A056860000-memory.dmp

Filesize
64KB

Download
memory/2220-58-0x000002A056550000-0x000002A056551000-memory.dmp

Filesize
4KB

Download
memory/2220-62-0x000002A056880000-0x000002A056890000-memory.dmp

Filesize
64KB

Download
memory/2220-66-0x000002A056890000-0x000002A0568A0000-memory.dmp

Filesize
64KB

Download
memory/2220-68-0x000002A0568A0000-0x000002A0568B0000-memory.dmp

Filesize
64KB

Download
memory/2220-77-0x000002A0568B0000-0x000002A0568C0000-memory.dmp

Filesize
64KB

Download
memory/2220-76-0x000002A056860000-0x000002A056870000-memory.dmp

Filesize
64KB

Download
memory/2220-106-0x000002A0568C0000-0x000002A0568D0000-memory.dmp

Filesize
64KB

Download
memory/2220-102-0x000002A056870000-0x000002A056880000-memory.dmp

Filesize
64KB

Download
memory/2220-108-0x000002A056550000-0x000002A056551000-memory.dmp

Filesize
4KB

Download
memory/2220-111-0x000002A0568D0000-0x000002A0568E0000-memory.dmp

Filesize
64KB

Download
memory/2220-116-0x000002A0568E0000-0x000002A0568F0000-memory.dmp

Filesize
64KB

Download
memory/2220-118-0x000002A0568F0000-0x000002A056900000-memory.dmp

Filesize
64KB

Download
memory/2220-137-0x000002A056550000-0x000002A056551000-memory.dmp

Filesize
4KB

Download
memory/2220-143-0x000002A056900000-0x000002A056910000-memory.dmp

Filesize
64KB

Download
memory/2220-175-0x000002A056910000-0x000002A056920000-memory.dmp

Filesize
64KB

Download
memory/2220-180-0x000002A056880000-0x000002A056890000-memory.dmp

Filesize
64KB

Download
memory/2220-181-0x000002A056920000-0x000002A056930000-memory.dmp

Filesize
64KB

Download
memory/2220-183-0x000002A056890000-0x000002A0568A0000-memory.dmp

Filesize
64KB

Download
memory/2220-184-0x000002A056930000-0x000002A056940000-memory.dmp

Filesize
64KB

Download
memory/2220-207-0x000002A056940000-0x000002A056950000-memory.dmp

Filesize
64KB

Download
memory/2220-206-0x000002A0568A0000-0x000002A0568B0000-memory.dmp

Filesize
64KB

Download
memory/2220-212-0x000002A056950000-0x000002A056960000-memory.dmp

Filesize
64KB

Download
memory/2220-211-0x000002A0568B0000-0x000002A0568C0000-memory.dmp

Filesize
64KB

Download
memory/2220-219-0x000002A056960000-0x000002A056970000-memory.dmp

Filesize
64KB

Download
memory/2220-218-0x000002A0568C0000-0x000002A0568D0000-memory.dmp

Filesize
64KB

Download
memory/2220-242-0x000002A0568D0000-0x000002A0568E0000-memory.dmp

Filesize
64KB

Download
memory/2220-243-0x000002A056970000-0x000002A056980000-memory.dmp

Filesize
64KB

Download
memory/2220-258-0x000002A0568E0000-0x000002A0568F0000-memory.dmp

Filesize
64KB

Download
memory/2220-260-0x000002A056990000-0x000002A0569A0000-memory.dmp

Filesize
64KB

Download
memory/2220-259-0x000002A056980000-0x000002A056990000-memory.dmp

Filesize
64KB

Download
memory/2220-266-0x000002A0568F0000-0x000002A056900000-memory.dmp

Filesize
64KB

Download
memory/2220-268-0x000002A0569A0000-0x000002A0569B0000-memory.dmp

Filesize
64KB

Download
memory/2220-273-0x000002A056900000-0x000002A056910000-memory.dmp

Filesize
64KB

Download
memory/2220-277-0x000002A0569C0000-0x000002A0569D0000-memory.dmp

Filesize
64KB

Download
memory/2220-275-0x000002A056910000-0x000002A056920000-memory.dmp

Filesize
64KB

Download
memory/2220-281-0x000002A0569D0000-0x000002A0569E0000-memory.dmp

Filesize
64KB

Download
memory/2220-279-0x000002A056920000-0x000002A056930000-memory.dmp

Filesize
64KB

Download
memory/2220-274-0x000002A0569B0000-0x000002A0569C0000-memory.dmp

Filesize
64KB

Download
memory/2220-288-0x000002A056A00000-0x000002A056A10000-memory.dmp

Filesize
64KB

Download
memory/2220-287-0x000002A0569F0000-0x000002A056A00000-memory.dmp

Filesize
64KB

Download
memory/2220-293-0x000002A056A20000-0x000002A056A30000-memory.dmp

Filesize
64KB

Download
memory/2220-305-0x000002A056A70000-0x000002A056A80000-memory.dmp

Filesize
64KB

Download
memory/2220-303-0x000002A056A50000-0x000002A056A60000-memory.dmp

Filesize
64KB

Download
memory/2220-300-0x000002A056950000-0x000002A056960000-memory.dmp

Filesize
64KB

Download
memory/2220-292-0x000002A056A10000-0x000002A056A20000-memory.dmp

Filesize
64KB

Download
memory/2220-291-0x000002A056940000-0x000002A056950000-memory.dmp

Filesize
64KB

Download
memory/2220-286-0x000002A0569E0000-0x000002A0569F0000-memory.dmp

Filesize
64KB

Download
memory/2220-285-0x000002A056930000-0x000002A056940000-memory.dmp

Filesize
64KB

Download
memory/2220-304-0x000002A056A60000-0x000002A056A70000-memory.dmp

Filesize
64KB

Download
memory/2220-302-0x000002A056A40000-0x000002A056A50000-memory.dmp

Filesize
64KB

Download
memory/2220-301-0x000002A056A30000-0x000002A056A40000-memory.dmp

Filesize
64KB

Download
memory/2220-312-0x000002A056A80000-0x000002A056A90000-memory.dmp

Filesize
64KB

Download
memory/2220-311-0x000002A056960000-0x000002A056970000-memory.dmp

Filesize
64KB

Download
memory/2220-346-0x000002A056970000-0x000002A056980000-memory.dmp

Filesize
64KB

Download
memory/2220-347-0x000002A056A90000-0x000002A056AA0000-memory.dmp

Filesize
64KB

Download
memory/2220-418-0x000002A056980000-0x000002A056990000-memory.dmp

Filesize
64KB

Download
memory/2220-419-0x000002A056990000-0x000002A0569A0000-memory.dmp

Filesize
64KB

Download
memory/2220-430-0x000002A0569B0000-0x000002A0569C0000-memory.dmp

Filesize
64KB

Download
memory/2220-429-0x000002A0569A0000-0x000002A0569B0000-memory.dmp

Filesize
64KB

Download
memory/2220-438-0x000002A0569C0000-0x000002A0569D0000-memory.dmp

Filesize
64KB

Download
memory/2220-443-0x000002A0569D0000-0x000002A0569E0000-memory.dmp

Filesize
64KB

Download
memory/2220-452-0x000002A056A00000-0x000002A056A10000-memory.dmp

Filesize
64KB

Download
memory/2220-451-0x000002A0569F0000-0x000002A056A00000-memory.dmp

Filesize
64KB

Download
memory/2220-450-0x000002A0569E0000-0x000002A0569F0000-memory.dmp

Filesize
64KB

Download
memory/2220-456-0x000002A056A10000-0x000002A056A20000-memory.dmp

Filesize
64KB

Download
memory/2220-457-0x000002A056A20000-0x000002A056A30000-memory.dmp

Filesize
64KB

Download
memory/2220-461-0x000002A056A30000-0x000002A056A40000-memory.dmp

Filesize
64KB

Download
memory/2220-463-0x000002A056A50000-0x000002A056A60000-memory.dmp

Filesize
64KB

Download
memory/2220-465-0x000002A056A70000-0x000002A056A80000-memory.dmp

Filesize
64KB

Download
memory/2220-464-0x000002A056A60000-0x000002A056A70000-memory.dmp

Filesize
64KB

Download
memory/2220-462-0x000002A056A40000-0x000002A056A50000-memory.dmp

Filesize
64KB

Download
memory/2220-467-0x000002A056A80000-0x000002A056A90000-memory.dmp

Filesize
64KB

Download
memory/2220-471-0x000002A056A90000-0x000002A056AA0000-memory.dmp

Filesize
64KB

Download
memory/4444-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download