Analysis
-
max time kernel
453s
-
max time network
458s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240221-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system
-
submitted
23/02/2024, 00:26
Static task
static1
Behavioral task
behavioral1
Sample
MobPlugin-1.26.2.jar
Resource
win10v2004-20240221-en
General
-
Target
MobPlugin-1.26.2.jar
-
Size
357KB
-
MD5
6b94e972694beefb4255d4cc8f621f90
-
SHA1
6bb29a7907a0308a67af6b96875571ea4bc84779
-
SHA256
7e763c8e187c904647acce8f0374225380cab602f750695e1f5b67cb3455b1cd
-
SHA512
6399df14ce02af3ec93abd943250e5e0d5a3862cbf581519c3c27127cbe5347e1af6ee3e7dc014c9a7203c52715382a2af0433618ac0f6560833cebade5c7455
-
SSDEEP
6144:dYPehF/yIubuGeyEFh9p5HR2dnBzQy8C9dcghgR3dSszBdeksUhVzbbj+l0hgfY:KPulYeyqHR2dn2y8EgR3dSszBdeksqvZ
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
pid    Process
2104   icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs
description                        pid    Process    procid_target
PID 2512 wrote to memory of 2104   2512   java.exe   87
PID 2512 wrote to memory of 2104   2512   java.exe   87
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\MobPlugin-1.26.2.jar
- Suspicious use of WriteProcessMemory
PID:2512
-
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
- Modifies file permissions
PID:2104
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
46B
MD5
e99b789ced38f2bf0063faf806df8596
SHA1
0d4e2646946bf883fc66994e7e387d30ac868a4e
SHA256
4aa0ea3cdcc5c059bac17a7414c2851194338ca5e9b2978b80088e24503acb9c
SHA512
fbda2e2ebcff0edef9267181f177eeec6d20cb2aaf17fc8f14f2b1eb9d2bd177282ae57d30f9622df5c70fc75316efcee320c581bc2fa843a534add4da6b6599