8b41655cbd6f6fe4e734cccaa48159420540d2a83e8595d51204de2f52696ef6

Analysis

max time kernel
90s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ActuallyAdditions-1.12.2-r151-2.jar
Size

2.6MB
MD5

e62726802ff285f63da89690895c375c
SHA1

b5153ea7b73b667fdc49133ab21f2afa5a15aa39
SHA256

8b41655cbd6f6fe4e734cccaa48159420540d2a83e8595d51204de2f52696ef6
SHA512

9e85191945bc639625ae5e63b39099c24c8f1de041ce2009c40857e1bf1a339bd7e8a341dbd3e50dc3861e14c98333007d9e8eea346845abea716455132baaed
SSDEEP

49152:KBi4i7cSLH0z3hXYwn3wMpffTRxYHu+GaniGVY127p1YLE2MD3zFpu:KkjISLH0jOqtxTUGrGVYUHm3MC

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4188	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4168 wrote to memory of 4188	4168	java.exe	84
PID 4168 wrote to memory of 4188	4168	java.exe	84

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\ActuallyAdditions-1.12.2-r151-2.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
76425d5540de3e962636f8c9077e0894

SHA1
3b537cbf10db55bd5c7c7360abddbfb4eb283294

SHA256
8a94fc228a494604e6d1d3bf50ed9624a77185b394b96ca34b367e70c4f5c5ab

SHA512
6878b72c5affc4de3c39b29b5583f4ad79068f7f583fffe5e24c20d832b1c829945f42c34ee004bbb59e1c72d34b6ef78420e64f1bc5517b114ad3f1e8309650

Download Submit
memory/4168-4-0x0000021EB9820000-0x0000021EBA820000-memory.dmp

Filesize
16.0MB

Download
memory/4168-11-0x0000021EB8010000-0x0000021EB8011000-memory.dmp

Filesize
4KB

Download
memory/4168-13-0x0000021EB9820000-0x0000021EBA820000-memory.dmp

Filesize
16.0MB

Download