007370ef1802f2d3466f84a38829747402ce9b4c60e2a6ecd0afb315b04e5b10

Analysis

max time kernel
1414s
max time network
1182s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14-03-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mods/essential_1-3-0-5_fabric_1-20-1.jar
Size

50.1MB
MD5

07c71f441df93de13d32e8c8da35ff5e
SHA1

24c7695cc4e34c89375168b2ac8c98abb4d686d1
SHA256

61146e0909f2306cdeb2f61791bfc4b913824aa7b46a54e74f2c691f5d4ed039
SHA512

4ab335bbad2649d886de30d739c60d198789560bdf3bb32e5b1a82f6d27731c4b0bf7daf474874f7cba647bb287eb53e181a735f5231029d233e6f2770f6c3d6
SSDEEP

786432:Ya4mReB2JwTuw2u/sR3kOSmBehCj5nPXVoFEvPGXQh8MJLT5FIKtB3JSAXR08m6H:6mReBwwTumsdRek9vuXQhXJP5uKNicDv

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3124	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 3124	1296	java.exe	81
PID 1296 wrote to memory of 3124	1296	java.exe	81

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\mods\essential_1-3-0-5_fabric_1-20-1.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
095b2a7cd6c0c61ba237e4982881c304

SHA1
750c3bba3b74cd78cadc54e5fef3c5e8aa442c58

SHA256
73742703371a4f6427e8a7a5c603b81820f34ca1f32f94d41bfd5fb88a8f320d

SHA512
4472ef7c4237b03537d29fa3642a5d09edca3615f0351b7cde58e7f137eea17cef39b469e5b54e2e97f37509b582b97ab9da70b4ea737623d492f48f60dc82f2

Download Submit
memory/1296-4-0x000001BABCB10000-0x000001BABDB10000-memory.dmp

Filesize
16.0MB

Download
memory/1296-11-0x000001BABB230000-0x000001BABB231000-memory.dmp

Filesize
4KB

Download