Malware Analysis Report

2025-08-11 06:04

Sample ID 240222-v7cf5ada8z
Target ftb-library-fabric-2001.1.4.jar
SHA256 8cd76fd19d49764e9d6ae248c2eafef6f4d65bc0e4a7758b0c11ee7d2b08d8da
Tags: discovery
Score: 7/10

Analysis Overview

Score: 7/10

SHA256

8cd76fd19d49764e9d6ae248c2eafef6f4d65bc0e4a7758b0c11ee7d2b08d8da

Threat Level: Shows suspicious behavior

The file ftb-library-fabric-2001.1.4.jar shows suspicious behavior.

Malicious Activity Summary

discovery

Modifies file permissions

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 17:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 17:37

Reported

2024-02-22 17:38

Platform

win11-20240221-en

Max time kernel

25s

Max time network

12s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\ftb-library-fabric-2001.1.4.jar

Signatures

Modifies file permissions

Tags: discovery

Description | Indicator | Process                          | Target
N/A         | N/A       | C:\Windows\system32\icacls.exe   | N/A

Suspicious use of WriteProcessMemory

Description                    | Indicator | Process                                                              | Target
PID 2688 wrote to memory of 1876 | N/A     | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe    | C:\Windows\system32\icacls.exe
PID 2688 wrote to memory of 1876 | N/A     | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe    | C:\Windows\system32\icacls.exe

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\ftb-library-fabric-2001.1.4.jar

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

Network

Country | Destination  | Domain                  | Proto
US      | 8.8.8.8:53   | 8.8.8.8.in-addr.arpa    | udp

Files

memory/2688-4-0x000001DE07B30000-0x000001DE08B30000-memory.dmp

memory/2688-11-0x000001DE062D0000-0x000001DE062D1000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5:    36672801fe9e21756047c15c9e8cf776
SHA1:   6eccac6c345225990ed1ac10ee8fa23e65689712
SHA256: 6c96be39fd3d9e1643baa19418ffcea14bcc6bfdb2d70ab219d20e658249eb12
SHA512: 09d3d140f0710a48a60627ca4867888a81e18231e7d87302e6f4babc3aaeec8efd13f0202b67d01613a9f4d400e19e3de016dc609ec913d9db6e88c03f9f92b5

memory/2688-13-0x000001DE07B30000-0x000001DE08B30000-memory.dmp