Analysis
-
max time kernel
149s
-
max time network
151s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240221-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system
-
submitted
23/02/2024, 11:50
Static task
static1
Behavioral task
behavioral1
Sample
lucky-block-fabric-1.20.2-14.5.jar
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
lucky-block-fabric-1.20.2-14.5.jar
Resource
win10v2004-20240221-en
General
-
Target
lucky-block-fabric-1.20.2-14.5.jar
-
Size
1.9MB
-
MD5
cc2c2578f4218a943f7203298fe01254
-
SHA1
89e225fce3f4e16b89db3727cb177d52fcaec8c9
-
SHA256
40a688975e4975aaef91863c415d2fd696d2245bf799319f0fa77b5ccbe1aa66
-
SHA512
b2db07ee5adbb142797408dcb5f5d9cf702bb296eb8cde47475911b27db3d9e0fa39f6cd83ab69b7ad327eb325f52e4db7e6b23097b3d9783a3ade229d7777cd
-
SSDEEP
24576:yrFh7EzOWJxG3zv/i5byJ59U5MqTJndF6H0L+Z2Z7t/dC7YNGJuu1JS88bOmoWoD:yrFh7iDxG3f9039n+HS5cYNGJYRymZUF
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
pid | Process
3876 | icacls.exe
-
Suspicious use of WriteProcessMemory 2 IoCs
description | pid | Process | procid_target
PID 3264 wrote to memory of 3876 | 3264 | java.exe | 87
PID 3264 wrote to memory of 3876 | 3264 | java.exe | 87
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\lucky-block-fabric-1.20.2-14.5.jar
- Suspicious use of WriteProcessMemory
PID:3264
-
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
- Modifies file permissions
PID:3876
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
46B
-
MD5
53f79cd97fa748edea3c55a216105c6a
-
SHA1
68f9c9474a266e303fa79323e271ed67741e6a5d
-
SHA256
1948e521d8b18e5ef7e57e2461f6ce62465a3abe957f60eebee4dd391976f52f
-
SHA512
d2b2756dfef30b342916d6a9148ef792f255c2e8ec4a58fb4e4d0103aa5afa52f13308793f2fc8b7690ce6d11b1b623d1e7da26cada45b829f8ae4948e2e97ec