007370ef1802f2d3466f84a38829747402ce9b4c60e2a6ecd0afb315b04e5b10

Analysis

max time kernel
1476s
max time network
1492s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14-03-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mods/fast-chest-1.5+1.20.jar
Size

24KB
MD5

3d8e221cc1aa0e8811e9b191e3fe847b
SHA1

3a4f28e4bba3569607407e561927d40eeed1de12
SHA256

e2a6b132cccdd2454d53be1b3378ef426d41bbfca5313a51f9f159324483edbb
SHA512

84afda0514eabed2dd0566cff75c244d528fee42cf4e5404f5b2efc676db63565e65aed23335bbc21638000b2391cf45aeb008653713e7460ac44966f5c8b017
SSDEEP

384:uv7/dm5qYconK0ohOQSxwGfQrHLEJUbh5lJPEPqetq9z8:uvpm5qnoKpAQSxwGI4UlTpJh8

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1812	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 1812	236	java.exe	83
PID 236 wrote to memory of 1812	236	java.exe	83

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\mods\fast-chest-1.5+1.20.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:236
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
87ab1380e9f2b9a5d95df87853ad53c6

SHA1
f807b81dad711c13859c91e4246fd0296d5dba7e

SHA256
fd5ff8e26e42969d19a7148217556ffc9198c1a6432834b87125aefe1ca18ecc

SHA512
64ce0bebd8e226b8abe92e10021d867ffebe5b4a6f68d8cfe41beee06b91702f80c84e3ee9f2d7635902bab5ed26d4583fdebddebf291ef7122bf46225de707d

Download Submit
memory/236-4-0x000001FDDF4C0000-0x000001FDE04C0000-memory.dmp

Filesize
16.0MB

Download
memory/236-11-0x000001FDDDC50000-0x000001FDDDC51000-memory.dmp

Filesize
4KB

Download
memory/236-13-0x000001FDDF4C0000-0x000001FDE04C0000-memory.dmp

Filesize
16.0MB

Download