Analysis
-
max time kernel
91s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
12-02-2024 18:02
Static task
static1
Behavioral task
behavioral1
Sample
Wurst-Client-v7.39.1-MC1.20.1.jar
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Wurst-Client-v7.39.1-MC1.20.1.jar
Resource
win10v2004-20231215-en
General
-
Target
Wurst-Client-v7.39.1-MC1.20.1.jar
-
Size
1.6MB
-
MD5
a733830d08415b6f8a9184ac5dde2fb2
-
SHA1
fdcdae43e71e46fbfca3fadaba2faddc2467c6af
-
SHA256
5bacd470aae61821c09162380318c6f9df4250534b7347f326e04e2b67585cc7
-
SHA512
9c7b7d533abf1d199c4875fe08de4fcf6ade6c6fb3b8c2341909fb75c261179e841a4b413d151ebe436c3394cc0011eb0e32091893b7e1915eabf1714169614e
-
SSDEEP
24576:fVq9Hu5uIV30IemgmAH1fnTps+x+PB/eMvNQVha79U3H6zN4zxnzC8JSssC2b0:m+lV30IfW17pJYXQVhMq3a2zxFFsBb0
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes:
java.exe
description | pid | process | target process
PID 1128 wrote to memory of 5044 | 1128 | java.exe | icacls.exe
PID 1128 wrote to memory of 5044 | 1128 | java.exe | icacls.exe
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Wurst-Client-v7.39.1-MC1.20.1.jar
- Suspicious use of WriteProcessMemory
PID:1128 -
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
- Modifies file permissions
PID:5044
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
46B
MD5 6007b5455429e7632b738879bcdf7c20
SHA1 b696bcc88eb7be05649e28b0432535af7369ba61
SHA256 6b7ea4c560033f2825651c138638d6939a3bbf7ae48fa98536f3296fd8795f27
SHA512 83216cb19957ba6c81a148516d6afbcf36c9700c6c7f248b9aeeed5e070a5048e06acd40f93d9111fc4ad23bae23a5e7686b7c5e9ab070e1891c1a6802e9480d