Overview

overview

4

Static

static

1

forge-1.16...er.jar

windows10-1703-x64

1

forge-1.16...er.jar

windows10-2004-x64

4

Analysis

  • max time kernel
    57s
  • max time network
    57s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09-08-2023 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    forge-1.16.5-36.2.39-installer.jar

  • Size

    7.1MB

  • MD5

    050117b0afdfaa494eb66ba8c81c8e0d

  • SHA1

    7af595ae043ead57b00bb042d253fdfdcfc7e055

  • SHA256

    89d16a89948578e9111d89b12248617bf5aa742e6dd2a5cb7ec0c2eb5782710f

  • SHA512

    1067cda90d5a47fa30d39c8cde59eac2464142f626caef3fc9b42e187b0b41f47bdb17c4553e85f822ad6aa9017b781ba3fa82ba41d2ab75ef7dba7837a85379

  • SSDEEP

    196608:YevYT/naB7dtnlaeCLSdq06KwMCF7ILtVf:YgYT/kfldU2wMCF72bf

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\forge-1.16.5-36.2.39-installer.jar
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3532
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4160
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3300
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.0.1066522666\2056397700" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1680 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbdebaf0-4c45-4d2c-9839-acc6b906fd09} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 1784 2afcde04158 gpu
        3⤵
          PID:1472
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.1.641625628\973869907" -parentBuildID 20221007134813 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 21017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03760ce6-e7ac-404d-b7f7-b9636eeba672} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 2124 2afcccfab58 socket
          3⤵
            PID:3028
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.2.986333710\30910756" -childID 1 -isForBrowser -prefsHandle 2800 -prefMapHandle 2816 -prefsLen 21120 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cc92df8-630e-4fb2-b824-cb9fb8712bc6} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 2792 2afccd5d158 tab
            3⤵
              PID:4660
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.3.1442529295\1494554842" -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 3456 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd3448c3-4d41-459e-9d3b-16c57041aac2} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 3488 2afba962258 tab
              3⤵
                PID:4492
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.4.19849157\1278887976" -childID 3 -isForBrowser -prefsHandle 1556 -prefMapHandle 3940 -prefsLen 26885 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17bc3da1-2738-405d-a697-e7343f708ccc} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 1560 2afcfcadb58 tab
                3⤵
                  PID:4968
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.5.546635445\1890812745" -childID 4 -isForBrowser -prefsHandle 4520 -prefMapHandle 4580 -prefsLen 26885 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c215cfa6-8784-4a22-ba7f-38cb62c505bd} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 4592 2afd0a5d558 tab
                  3⤵
                    PID:2264
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.7.1174553998\574139050" -childID 6 -isForBrowser -prefsHandle 4928 -prefMapHandle 4932 -prefsLen 26885 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6191d430-2a0d-497a-8c92-12b84513ebb1} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 5012 2afd0a5e458 tab
                    3⤵
                      PID:4952
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.6.637607151\667259065" -childID 5 -isForBrowser -prefsHandle 4716 -prefMapHandle 4712 -prefsLen 26885 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29a21a41-0484-49e1-9c9d-2821b6c0f712} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 4760 2afd0a5e158 tab
                      3⤵
                        PID:3968

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    154KB

                    MD5

                    6b4f433195dc58fab5df628f07c9e0b6

                    SHA1

                    fb6e7e06ace43f0fb8337cddd3521e698ed4d8bf

                    SHA256

                    f2e2268094e321461689ca67ce19ba0a1e93d07129a4ad63f07e0bbeb67d2597

                    SHA512

                    afa56d3de1b204aedae24f770ee8e11c172e2b6f25d63e6d9ce5086da1b7ebc1eb19804452e6fd187155c205d6c2b78b259d861184f1fdda9622f3b65e337675

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    0c4e7470c31c52a58495cd27af3c7800

                    SHA1

                    18071b417b36fa710c12f7d09614d3f38e4d034d

                    SHA256

                    8b5e559653049d327fb57512e0f9b979300e3efd730544afa7507c6c7012484b

                    SHA512

                    219464741cd73bb93216fa229b534962e55ad0bc397c007736204b4702d8b637dab955c8a21cd7583354ca3583f08343873bb5e17f9ad080753cc9c8fbf40ab2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    2a8e6922de8406c8f1088ad9b488e5cd

                    SHA1

                    a00a61dbcaeee0a00c3d7800ef98a87ee5b42468

                    SHA256

                    4631e41f76c0a8964a8f88cd41075928d41ba94b3dcb8a36aab395793217bbc9

                    SHA512

                    808395df9a5b94c0b1724212fd21b4a7f6608431c76b6f60e0289d42f55b75d2814944760dc536bf80cc80da2541d561e1c5e5d247b084ef3a2997eabe66fe67

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    2122367c8b4309eb387d4e667c44cead

                    SHA1

                    e94882ae3670ff424b7f541b7dbf211443a45607

                    SHA256

                    befe76841697111869c6236c780e2d877184d2cabaa78f3c099a4a92d94d2744

                    SHA512

                    c424c93fb0a14889ab048830194c3e07506ee12908f26d4ae5e42da7d5c196d3a8081a5fd9f6f74eeecc20f1bbacdb85a8c99e263842bfe5c574570fa22c0b2f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    8fde8312a3479ad6ac0a07d1354296f3

                    SHA1

                    6e8ee4be235369b46e6632fe86743e8e3bbe6d6a

                    SHA256

                    f746cef2fd7156d1ac52cf4af9ffe2a6e11f07712d6791083ab32c17566d8373

                    SHA512

                    02dd900c21e0d9f5c66b5dfdfaf1fb6a8d62c665277ed43100fb0d2ba2cad905cd4125fd346fd6d726d7600eaebb1807195061ab646471259b3b45cc06c9622c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    992B

                    MD5

                    378a59a2758c2ca3ea06658be0a0a6c0

                    SHA1

                    395440ee2ab9e99fd22d8fc41f1d6be3921e03ec

                    SHA256

                    88c220ce922b827e1694cbed36e7b57d2721f8d44fc2e86f17473a9c4ef4de80

                    SHA512

                    2bf0d8e9d922ac4f87db40082424b5743c18dcc2a508d2790ffbd54fa097db2be6f2d86cc3caaa57dba38330b4dbbc7a86c3f8ef590134ae7fd5d87e446348d5

                    Download Submit

                  • memory/3532-174-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/3532-229-0x0000000002F40000-0x0000000003F40000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/3532-195-0x0000000002F40000-0x0000000003F40000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/3532-197-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/3532-124-0x0000000002F40000-0x0000000003F40000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/3532-146-0x0000000002F40000-0x0000000003F40000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/3532-215-0x0000000002F40000-0x0000000003F40000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/3532-176-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/3532-240-0x0000000002F40000-0x0000000003F40000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/3532-247-0x0000000002F40000-0x0000000003F40000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/3532-248-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/3532-249-0x0000000003230000-0x0000000003240000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/3532-250-0x0000000003280000-0x0000000003290000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/3532-251-0x00000000032B0000-0x00000000032C0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/3532-254-0x0000000002F40000-0x0000000003F40000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/3532-131-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

                    Filesize

                    4KB

                    Download