Overview

overview

7

Static

static

1

ftb-teams-....4.jar

windows11-21h2-x64

7

Analysis

  • max time kernel
    112s
  • max time network
    93s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22-02-2024 17:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ftb-teams-fabric-2001.1.4.jar

  • Size

    230KB

  • MD5

    419e558ccd8519fc85551b0c60b01c3b

  • SHA1

    a9d10ed975534801696b925bb3b3489cfb00cab7

  • SHA256

    f65843b805aff75c7f314dbac12645bf53acad1930815abeb9bef526509d89d3

  • SHA512

    f634dd3f21f0360bda59a70867b2e5641c72995a6a096af7881a3b5a13ed458f7e10b39035d5bb1abb98e5927242f8d7a9a32c8c880599e3186337973dca45bf

  • SSDEEP

    6144:ZmyOwHXmBjKwzBlneNEZqRJcmM/A2Cu2GGeU7OI:sk2BzBddZqR72CuXG97OI

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\ftb-teams-fabric-2001.1.4.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5112
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2376
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /0
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    c4370ad5cab03580e142627fe5fea613

    SHA1

    449370a35464b272de641435a5a51122af782632

    SHA256

    b3ac105399cd97d5278746f5bf0af2b2750c1d358a1f6aceabaca77c40a85e53

    SHA512

    8c76e1dbda113ffd91b866189b04d5096281cd46305c8ae3d30c0ef502bd4aa6f5f97f2f79cf6fdbaeebc80cffbefa81e243a770b0862e3d844a85d142501320

    Download Submit

  • memory/2344-19-0x000001FCFE0A0000-0x000001FCFE0A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-13-0x000001FCFE0A0000-0x000001FCFE0A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-14-0x000001FCFE0A0000-0x000001FCFE0A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-15-0x000001FCFE0A0000-0x000001FCFE0A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-21-0x000001FCFE0A0000-0x000001FCFE0A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-20-0x000001FCFE0A0000-0x000001FCFE0A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-22-0x000001FCFE0A0000-0x000001FCFE0A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-24-0x000001FCFE0A0000-0x000001FCFE0A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-23-0x000001FCFE0A0000-0x000001FCFE0A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-25-0x000001FCFE0A0000-0x000001FCFE0A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5112-12-0x000001D72CB00000-0x000001D72CB01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5112-4-0x000001D72CB20000-0x000001D72DB20000-memory.dmp

    Filesize

    16.0MB

    Download