Analysis
max time kernel: 137s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/02/2024, 21:04
Static task
static1
Behavioral task
behavioral1
Sample
com.netflix.NGP.StrangerThings3_1.4.0-2001055_2arch_45feat_ce033328e4018ab7e88d2b94e5f89215_apkmirror.com.jar
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
com.netflix.NGP.StrangerThings3_1.4.0-2001055_2arch_45feat_ce033328e4018ab7e88d2b94e5f89215_apkmirror.com.jar
Resource
win10v2004-20240221-en
General
Target: com.netflix.NGP.StrangerThings3_1.4.0-2001055_2arch_45feat_ce033328e4018ab7e88d2b94e5f89215_apkmirror.com.jar
Size: 190.5MB
MD5: 2432e4df23993bae7ef2ba283f3022d5
SHA1: c2bd39943cdbd5db9c70bb63ba4553b61f16c386
SHA256: f80f4b8fcb5ab0a915b8534260aad4f810f56f25a4c0de0e775ec7b64596157f
SHA512: 30c5a805262c3faecb59829906b23a05a7468fade04f5618aaf855343cb14520cf82f2a37d84c2b813c51c306fc62abf0110f7635c498818de0536daaf721cc5
SSDEEP: 3145728:ti8UvWVD7q+GNgP+P1pLTGBaC4k6tDF4+JoUX3WneBraLl8DSUL1FljWI/VjnYR:tvYWRq+GyP+dpLTyaCVU4mdXNGpjI/Vq
Malware Config
Signatures
Modifies file permissions (1 TTPs, 1 IoCs)
  pid: 208  Process: icacls.exe
Suspicious use of WriteProcessMemory (2 IoCs)
  description: PID 4752 wrote to memory of 208  pid: 4752  Process: java.exe  procid_target: 90
  description: PID 4752 wrote to memory of 208  pid: 4752  Process: java.exe  procid_target: 90
Processes
1. C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
   Command line: java -jar C:\Users\Admin\AppData\Local\Temp\com.netflix.NGP.StrangerThings3_1.4.0-2001055_2arch_45feat_ce033328e4018ab7e88d2b94e5f89215_apkmirror.com.jar
   PID: 4752
   Signatures: Suspicious use of WriteProcessMemory
   2. (child of 1) C:\Windows\system32\icacls.exe
      Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      PID: 208
      Signatures: Modifies file permissions
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 46B
MD5: f49ef159b4af30d48e5d2b2a03162720
SHA1: 11dda0772c4a75f51324a97c6c040305a3814deb
SHA256: cadc2349abdb864506cfc04e303baded42bed37c2e0c29e60f340b936ccade91
SHA512: 2492e35ca5b92f8b5f6b5a452ac4387ff91027cf2258e617aa534dd5c5390d83ec63c4f22b8020908777f36cd7e17589b544ecfd453f79fc26164755a69cf25f