Analysis
-
max time kernel
1797s -
max time network
1172s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system -
submitted
23/02/2024, 11:28
Static task
static1
Behavioral task
behavioral1
Sample
lucky-block-fabric-1.20.2-14.5.jar
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
lucky-block-fabric-1.20.2-14.5.jar
Resource
win10v2004-20240221-en
General
-
Target
lucky-block-fabric-1.20.2-14.5.jar
-
Size
1.9MB
-
MD5
cc2c2578f4218a943f7203298fe01254
-
SHA1
89e225fce3f4e16b89db3727cb177d52fcaec8c9
-
SHA256
40a688975e4975aaef91863c415d2fd696d2245bf799319f0fa77b5ccbe1aa66
-
SHA512
b2db07ee5adbb142797408dcb5f5d9cf702bb296eb8cde47475911b27db3d9e0fa39f6cd83ab69b7ad327eb325f52e4db7e6b23097b3d9783a3ade229d7777cd
-
SSDEEP
24576:yrFh7EzOWJxG3zv/i5byJ59U5MqTJndF6H0L+Z2Z7t/dC7YNGJuu1JS88bOmoWoD:yrFh7iDxG3f9039n+HS5cYNGJYRymZUF
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
pid | Process
5016 | icacls.exe
-
Suspicious use of WriteProcessMemory 2 IoCs
description | pid | Process | procid_target
PID 2576 wrote to memory of 5016 | 2576 | java.exe | 87
PID 2576 wrote to memory of 5016 | 2576 | java.exe | 87
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\lucky-block-fabric-1.20.2-14.5.jar
- Suspicious use of WriteProcessMemory
PID:2576 -
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
- Modifies file permissions
PID:5016
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
46B
MD5 a8574c18b17b5d2d560ae3e66a31e478
SHA1 56208266ef2a04d5ae57a8eaaa8171cae14b753a
SHA256 f1a0ac3e35224bef6256c106eacee92395b93f0bcdc55b8398f7eac3c86ce1a2
SHA512 faf021fa6beb8acdabcf1b696e314b70ff8e07df14dd0cfaa3f3b341d8ecc6128f58ab1444915f17b60f6e7934e589eb269d148ac81569add4a44f1725755863