007370ef1802f2d3466f84a38829747402ce9b4c60e2a6ecd0afb315b04e5b10

Analysis

max time kernel
1412s
max time network
1176s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14-03-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mods/fabric-api-0.83.1+1.20.1.jar
Size

1.9MB
MD5

93616b51e3bb4ac62ee674e94e5b55cc
SHA1

3616f70a677bd680c9fcced41a2117a9f099c550
SHA256

8319a54a4c8262a1517bd6182e74823e463552c7005b262ac34b96153069a8e9
SHA512

e1aa8d7a8306750de3dccd4cfec31bc4f642bec2a4480af45d20646f26da5b23a13a63de494bdcc7e6a27f5d5537698ca193cebd729a07e373b821f28d9aef61
SSDEEP

49152:i/vwYjGKGxv++ZQv8WsQ97dlHODaOLM0S3CjKE4m/f:inwYHkQv8Ws6OGq2UYQf

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2832	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 2832	4584	java.exe	81
PID 4584 wrote to memory of 2832	4584	java.exe	81

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\mods\fabric-api-0.83.1+1.20.1.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
b65033d88e8df15787e3b28d319612fe

SHA1
b1538e04ebcb4c6b2b97f89c7847eb9a153a92ae

SHA256
601f6e6f0cfebc80794f5fa89f592b4c78f6da4ce6538dae8c64284095aa2474

SHA512
fe2952a28cf9ec0667a6688ac26da62fb5b257441c04a1e005abc18ec979b3cad1fadd7ec9f8bee12e9c5d903aee72645ee03f1f98d84e60b9c17fa1ecf8166e

Download Submit
memory/4584-4-0x000001CB6C100000-0x000001CB6D100000-memory.dmp

Filesize
16.0MB

Download
memory/4584-11-0x000001CB6C0E0000-0x000001CB6C0E1000-memory.dmp

Filesize
4KB

Download
memory/4584-13-0x000001CB6C100000-0x000001CB6D100000-memory.dmp

Filesize
16.0MB

Download