Analysis

  • max time kernel
    93s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system
  • submitted
    22/02/2024, 19:53

General

  • Target

    libraries/com/ibm/icu/icu4j-core-mojang/51.2/icu4j-core-mojang-51.2.jar

  • Size

    1.6MB

  • MD5

    aec124acf7b3c1c6ed41a6270a4452b8

  • SHA1

    63d216a9311cca6be337c1e458e587f99d382b84

  • SHA256

    147592c5eb8e11fc8394125954f877acf25918bae13aa210c2825aefc3030ed8

  • SHA512

    ca585221ac4b06ed7b12891b43882e1c219d4656bab0f291a25fb9bd971d09371f1c8e35181a9ae5dafd9a429367ade86ec3f06eb0dc887e8a790c671132cac1

  • SSDEEP

    24576:RMl7QhGL9gcpfLXQfrq0FKhpcRXArrbyWgggaaDtktf1aUQJf0C36c1Nh:2FfgPHoim/uhDyl1EfFFF

Score
7/10

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\libraries\com\ibm\icu\icu4j-core-mojang\51.2\icu4j-core-mojang-51.2.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4724

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

          Filesize

          46B

          MD5

          e04c86c7ca9fd7cd6e87c55b416af301

          SHA1

          c19739e120380940077561a50b9215ad1f663649

          SHA256

          bb71106cfeb6794498c753bc6770e2e55f70e09345ed72da1db0cf79e75d8e89

          SHA512

          4fab7f4c6992b85ec3bd3c976eef0e40fa3a04485343b2fccb60c5853be6a37466f8e4899e0f1450147a2a343d7573ca1fa5d5a5e980ae8d46b15e7ab920f0ba

        • memory/2236-4-0x000002E9D48D0000-0x000002E9D58D0000-memory.dmp

          Filesize

          16.0MB

        • memory/2236-13-0x000002E9D3000000-0x000002E9D3001000-memory.dmp

          Filesize

          4KB