Analysis

  • max time kernel
    137s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/02/2024, 21:04

General

  • Target: com.netflix.NGP.StrangerThings3_1.4.0-2001055_2arch_45feat_ce033328e4018ab7e88d2b94e5f89215_apkmirror.com.jar
  • Size: 190.5MB
  • MD5: 2432e4df23993bae7ef2ba283f3022d5
  • SHA1: c2bd39943cdbd5db9c70bb63ba4553b61f16c386
  • SHA256: f80f4b8fcb5ab0a915b8534260aad4f810f56f25a4c0de0e775ec7b64596157f
  • SHA512: 30c5a805262c3faecb59829906b23a05a7468fade04f5618aaf855343cb14520cf82f2a37d84c2b813c51c306fc62abf0110f7635c498818de0536daaf721cc5
  • SSDEEP: 3145728:ti8UvWVD7q+GNgP+P1pLTGBaC4k6tDF4+JoUX3WneBraLl8DSUL1FljWI/VjnYR:tvYWRq+GyP+dpLTyaCVU4mdXNGpjI/Vq

Score
7/10

Malware Config

Signatures

  • Modifies file permissions (1 TTP, 1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (depth 1, PID 4752)
    Command line: java -jar C:\Users\Admin\AppData\Local\Temp\com.netflix.NGP.StrangerThings3_1.4.0-2001055_2arch_45feat_ce033328e4018ab7e88d2b94e5f89215_apkmirror.com.jar
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\icacls.exe (depth 2, PID 208, child of PID 4752)
      Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      • Modifies file permissions

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
          Filesize: 46B
          MD5: f49ef159b4af30d48e5d2b2a03162720
          SHA1: 11dda0772c4a75f51324a97c6c040305a3814deb
          SHA256: cadc2349abdb864506cfc04e303baded42bed37c2e0c29e60f340b936ccade91
          SHA512: 2492e35ca5b92f8b5f6b5a452ac4387ff91027cf2258e617aa534dd5c5390d83ec63c4f22b8020908777f36cd7e17589b544ecfd453f79fc26164755a69cf25f

        • memory/4752-4-0x0000017580000000-0x0000017581000000-memory.dmp
          Filesize: 16.0MB

        • memory/4752-11-0x00000175FBB10000-0x00000175FBB11000-memory.dmp
          Filesize: 4KB

        • memory/4752-13-0x0000017580000000-0x0000017581000000-memory.dmp
          Filesize: 16.0MB