f0a93c2b9406450632a57d934c8f579767c1e976114afd02ec41279ddf4b2966

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2023, 23:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Nueva carpeta (3)/MutantMonsters-v8.0.4-1.20.1-Forge.jar
Size

1.3MB
MD5

b04bae4cea89d9b20786128cc3e01a31
SHA1

95dff3c7b0b148df21b280cfced46942c4a21d39
SHA256

66fbe052ffe6940ce4317a34825c8b77b69fb40b2cf344e1fa0aae95d5b81798
SHA512

6a2376de8b663e1a5d7a03d90c65dc866ea53815fe50f1570cb7a25399cb124674a5c1f314e8a737e074a5871d719f85cbe8db3ebc2c9c03b113f3e6df587719
SSDEEP

24576:VbZdkDfUidr7A0+8ANWfgeCdrdHWWyRdhiPcnaqOViDBQb/pMsnxVj:VbHAcum8ey3DtRbv0nnxVj

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2728	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4320 wrote to memory of 2728	4320	java.exe	87
PID 4320 wrote to memory of 2728	4320	java.exe	87

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Nueva carpeta (3)\MutantMonsters-v8.0.4-1.20.1-Forge.jar"
1⤵
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
c6a2fdab968eabb80e831a7ba5109091

SHA1
7efaa6b1e96656bb0b598b004f72b76b871365e7

SHA256
584961a04ebb6ce04390ceabd4ba6811b97997e0391838c5f85eddf06392f046

SHA512
d1d0b1f9481b3e55232626931800115ce76592771b43d19b18ef5bcc4214239810fb448d30defe2278d9020ec2ab54d64f303e2a722289c3c6f870d289058883

Download Submit
memory/4320-4-0x0000014B5EE10000-0x0000014B5FE10000-memory.dmp

Filesize
16.0MB

Download
memory/4320-11-0x0000014B5D640000-0x0000014B5D641000-memory.dmp

Filesize
4KB

Download
memory/4320-14-0x0000014B5EE10000-0x0000014B5FE10000-memory.dmp

Filesize
16.0MB

Download