Analysis
max time kernel
25s
max time network
12s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags
arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted
22/02/2024, 17:37
Static task
static1
Behavioral task
behavioral1
Sample
ftb-library-fabric-2001.1.4.jar
Resource
win11-20240221-en
General
Target
ftb-library-fabric-2001.1.4.jar
Size
592KB
MD5
64980c2a5d2c44c84ba9d288e8dd8580
SHA1
04f7f6324a567e6085da410dd2a839aaff3443c8
SHA256
8cd76fd19d49764e9d6ae248c2eafef6f4d65bc0e4a7758b0c11ee7d2b08d8da
SHA512
0e1876284d7fbd1c186c4783836499c1049b057545e22e026386f68957beda8bbb3cf2201c47e6857aac425f25b0efa2959233bed4aff87551ac923a3fe08dd7
SSDEEP
12288:RXJs0fqk5ax0unonYKW337vtGqZNAOFIWd1QdYMP:hilk5azocbvtpfIIudYw
Malware Config
Signatures
Modifies file permissions (1 TTPs, 1 IoCs)
pid   Process
1876  icacls.exe

Suspicious use of WriteProcessMemory (2 IoCs)
description                       pid   Process   procid_target
PID 2688 wrote to memory of 1876  2688  java.exe  82
PID 2688 wrote to memory of 1876  2688  java.exe  82
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  command line: java -jar C:\Users\Admin\AppData\Local\Temp\ftb-library-fabric-2001.1.4.jar
  Suspicious use of WriteProcessMemory
  PID: 2688
  C:\Windows\system32\icacls.exe (child of PID 2688)
    command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    Modifies file permissions
    PID: 1876
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
46B
MD5
36672801fe9e21756047c15c9e8cf776
SHA1
6eccac6c345225990ed1ac10ee8fa23e65689712
SHA256
6c96be39fd3d9e1643baa19418ffcea14bcc6bfdb2d70ab219d20e658249eb12
SHA512
09d3d140f0710a48a60627ca4867888a81e18231e7d87302e6f4babc3aaeec8efd13f0202b67d01613a9f4d400e19e3de016dc609ec913d9db6e88c03f9f92b5