Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240221-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    22/02/2024, 19:53

General

  • Target

    libraries/com/mojang/authlib/1.5.21/authlib-1.5.21.jar

  • Size

    62KB

  • MD5

    70565f6a4aa38a8e8541ef019adbf8ad

  • SHA1

    aefba0d5b53fbcb70860bc8046ab95d5854c07a5

  • SHA256

    ce7a9c86ebebf30b89929026f4a0a3c58ce0f4d47937d6dc086ae4fd0c77544a

  • SHA512

    7223d0e9a0c8bae870c88748008062ee1e9c659e8b1acf200ece0ab71488bd6c4447db779ae61258d07a0dbc6f46f03ad1f168d2a2cac0f758f9729b38d92731

  • SSDEEP

    1536:wLxCY5177oygmsyF9V6iIHStF3qXG3bhOY3NPItTacEFWD2z:wLxN5178yFlqX4bhOm+tTK

Score
7/10

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\libraries\com\mojang\authlib\1.5.21\authlib-1.5.21.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1836
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:1096
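The only child process in this tree is icacls.exe granting Everyone modify rights, with object and container inheritance, on C:\ProgramData\Oracle\Java\.oracle_jre_usage. That directory is the Oracle JRE usage tracker's state directory, and the Java launcher creates it and relaxes its ACL so that every user on the host can write the per-user timestamp file (the 46-byte .timestamp file listed under Downloads). The "Modifies file permissions" signature is therefore firing on stock JRE behaviour, not on code in authlib-1.5.21.jar, and the two WriteProcessMemory IoCs are attributed to java.exe, the parent that spawned icacls.exe; the report shows no other child or injected process. The same pattern from a different parent, or against a different path, would deserve attention, because a broad write grant with (OI)(CI) makes a whole tree world-writable.

As an added example (not part of this report, and not Mojang or Oracle code), the Python below applies that distinction to process-creation events: it parses the icacls /grant clause, flags write-capable rights granted to broad principals, and labels the documented JRE usage-tracker case as expected rather than suspicious. The first two events are taken from the process tree above; the remaining events, their PIDs and the parent image paths are constructed for contrast, and the event field names are an assumption about the telemetry format.

```python
import re
from dataclasses import dataclass

# Principals that effectively mean "anyone on the box" (compared lower-cased).
BROAD_PRINCIPALS = {"everyone", "users", "builtin\\users", "authenticated users", "*s-1-1-0"}
# icacls simple rights and specific rights that allow changing content.
WRITE_PERMS = {"F", "M", "W", "GA", "GW", "WD", "AD", "WA", "WEA", "D", "DC"}
# (parent image basename, target path prefix) pairs that are known, expected behaviour.
# The java.exe entry is the case seen in this report; javaw.exe is the same launcher
# in windowed mode.
KNOWN_BENIGN = [
    ("java.exe", r"C:\ProgramData\Oracle\Java\.oracle_jre_usage"),
    ("javaw.exe", r"C:\ProgramData\Oracle\Java\.oracle_jre_usage"),
]

# First argument after the icacls image, quoted or not.
TARGET_RE = re.compile(r'icacls(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<u>\S+))', re.IGNORECASE)
# /grant or /grant:r, then principal[:flags]perms, e.g. "everyone":(OI)(CI)M
GRANT_RE = re.compile(
    r'/grant(?::r)?\s+"?(?P<principal>[^":]+)"?:(?P<flags>(?:\([A-Za-z]+\))*)(?P<perms>[A-Za-z,]+)',
    re.IGNORECASE,
)


@dataclass
class Finding:
    pid: int
    verdict: str  # "expected", "suspicious" or "info"
    reason: str


def classify_icacls(event: dict) -> Finding:
    cmd = event["cmdline"]
    t, g = TARGET_RE.search(cmd), GRANT_RE.search(cmd)
    if not t or not g:
        return Finding(event["pid"], "info", "icacls invocation without a /grant clause")
    target = t.group("q") or t.group("u")
    principal = g.group("principal").strip().lower()
    flags = {f.upper() for f in re.findall(r"\(([A-Za-z]+)\)", g.group("flags"))}
    perms = set(g.group("perms").upper().split(","))
    if not (principal in BROAD_PRINCIPALS and perms & WRITE_PERMS):
        return Finding(event["pid"], "info", f"narrow grant to {principal}: {sorted(perms)} on {target}")
    parent = event["parent_image"].rsplit("\\", 1)[-1].lower()
    for parent_exe, prefix in KNOWN_BENIGN:
        if parent == parent_exe and target.lower().startswith(prefix.lower()):
            return Finding(event["pid"], "expected",
                           f"JRE usage tracker: {parent} grants {principal} {sorted(perms)} on {target}")
    scope = "recursive" if {"OI", "CI"} <= flags else "non-recursive"
    return Finding(event["pid"], "suspicious",
                   f"{parent} grants {principal} {sorted(perms)} ({scope}) on {target}")


def triage(events: list) -> list:
    """Classify every icacls.exe process in a list of process-creation events."""
    return [classify_icacls(e) for e in events if e["image"].lower().endswith("icacls.exe")]


# Events 1 and 2 are the process tree from this report; the rest are constructed.
SAMPLE_EVENTS = [
    {"pid": 1836, "image": r"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe",
     "parent_image": r"C:\Windows\explorer.exe",  # parent not shown in the report; assumed
     "cmdline": r"java -jar C:\Users\Admin\AppData\Local\Temp\libraries\com\mojang\authlib\1.5.21\authlib-1.5.21.jar"},
    {"pid": 1096, "image": r"C:\Windows\system32\icacls.exe",
     "parent_image": r"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe",
     "cmdline": r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M'},
    {"pid": 4242, "image": r"C:\Windows\System32\icacls.exe",  # constructed
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'icacls "C:\Program Files\Acme Agent" /grant Everyone:(OI)(CI)F'},
    {"pid": 4243, "image": r"C:\Windows\System32\icacls.exe",  # constructed
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"C:\Windows\System32\icacls.exe C:\Users\Admin\report.txt /grant Admin:R"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"PID {f.pid}: {f.verdict} - {f.reason}")
```

Run against the sample list, PID 1096 comes back as expected, the constructed cmd.exe grant of Everyone full control over a Program Files tree is reported as suspicious, and the single-user read grant is informational only. The allow-list is deliberately keyed on both the parent image and the target prefix: a java.exe parent alone is not enough, since anything can be launched from a jar.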

Network

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize
    46B
    MD5
    9ce141c29a374da9f0ba1be1f00ce8ac
    SHA1
    4671c21887088adb2e84aa50173deb2f79d2f7cd
    SHA256
    61d0809b1481c42dbd8659f072f5c5041c85ea7fad72da834c1dfd914d185e94
    SHA512
    f6226f605340acca3e9baf2b4c191083ca138946df0ced061d5747d060dc369b3ff4696d559447cc7f7848f250d28588b6bc9e6eb24f5d54c21de9754bf380ad

  • memory/1836-4-0x000001F920160000-0x000001F921160000-memory.dmp
    Filesize
    16.0MB

  • memory/1836-12-0x000001F91E890000-0x000001F91E891000-memory.dmp
    Filesize
    4KB