Overview

overview

7

Static

static

1

plugins/Be...11.jar

windows7-x64

1

plugins/Be...11.jar

windows10-2004-x64

7

plugins/CM....0.jar

windows7-x64

1

plugins/CM....0.jar

windows10-2004-x64

7

plugins/Ch....7.jar

windows7-x64

1

plugins/Ch....7.jar

windows10-2004-x64

7

plugins/Cl...36.jar

windows7-x64

1

plugins/Cl...36.jar

windows10-2004-x64

7

plugins/Clearlag.jar

windows7-x64

1

plugins/Clearlag.jar

windows10-2004-x64

7

plugins/De....5.jar

windows7-x64

1

plugins/De....5.jar

windows10-2004-x64

7

plugins/De...se.jar

windows7-x64

1

plugins/De...se.jar

windows10-2004-x64

7

plugins/Ec....4.jar

windows7-x64

1

plugins/Ec....4.jar

windows10-2004-x64

7

plugins/Es...77.jar

windows7-x64

1

plugins/Es...77.jar

windows10-2004-x64

7

plugins/Es...77.jar

windows7-x64

1

plugins/Es...77.jar

windows10-2004-x64

7

plugins/Es...77.jar

windows7-x64

1

plugins/Es...77.jar

windows10-2004-x64

7

plugins/Ex....0.jar

windows7-x64

1

plugins/Ex....0.jar

windows10-2004-x64

7

plugins/Fa...ng.ps1

windows7-x64

1

plugins/Fa...ng.ps1

windows10-2004-x64

1

plugins/Fa...06.jar

windows7-x64

1

plugins/Fa...06.jar

windows10-2004-x64

7

plugins/Fr....9.jar

windows7-x64

1

plugins/Fr....9.jar

windows10-2004-x64

7

plugins/GS....3.jar

windows7-x64

1

plugins/GS....3.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    100s
  • max time network
    219s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/11/2023, 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    plugins/ExcellentCrates-5.0.0.jar

  • Size

    315KB

  • MD5

    10602990789e6b745b4c21f3eb74bf36

  • SHA1

    30e28d0328ec60c791992a7089e660e8d5814bdb

  • SHA256

    9d746928c37a135cccaa5ef8583265b2f63cf97443428cc5c06b45a674da33c1

  • SHA512

    d5ffaf7e9086ac877cb5e09bac93b91c319664df86e511480dfaadfa941e529d2abff97238ecb90fb661cfee51acfb1ce3be43f49ebe0888f882419764ea061a

  • SSDEEP

    6144:lVIUwg92ZTtUsBew0mhwa5bp/06agTCi2rGKe/pWaaNGjChOt8jJLZM/A:B2ZTexEmUpGgTdqGNgcWotK

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\plugins\ExcellentCrates-5.0.0.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1892
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:1400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    f91601c4a515a365819c4f266d883fb2

    SHA1

    f3aad41a4dd947da5fbd2c60950945a05f88cd12

    SHA256

    e24989bf2ae0736cc5090050b9ca51b30e80e9a27424d4ec07b82098740df8b1

    SHA512

    c30ea443129e06b6d12c69bf55b65bef23356dc866abbcc56949f4aeebb4aa81862ad233a06d487abadc87c1c39301c23d688d77d174847be0b3ef63c8d5a292

    Download Submit

  • memory/1892-4-0x000002F2286D0000-0x000002F2296D0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1892-12-0x000002F226EE0000-0x000002F226EE1000-memory.dmp

    Filesize

    4KB

    Download