007370ef1802f2d3466f84a38829747402ce9b4c60e2a6ecd0afb315b04e5b10

Analysis

max time kernel
1486s
max time network
1512s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14-03-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mods/lunade-fastanim-1.6-1.20.jar
Size

115KB
MD5

c405cb79fcb03b2762f9f14e5cb047e2
SHA1

0e611399323878b9f3efcc6016ea5d6eefc8c765
SHA256

c6af4d11f52a66bfa4f35e87fe6aa7132f74ff1f2dea3a3dd668a0d60e99017c
SHA512

6e4dca503f0952e18c07175d2281c8f2a2d8227939457646a8de0ce1ac72cf83861667f45e91c703629e1a9594c28ccc93cd3a74641ecf885fbcce5d10e13338
SSDEEP

3072:leCphsKLEgzbsP2qNnUll1s3BWhGGK8QJX9o0a:4CpDzfsuqNUK3BWO9o0a

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
936	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 936	4360	java.exe	83
PID 4360 wrote to memory of 936	4360	java.exe	83

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\mods\lunade-fastanim-1.6-1.20.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
29d1229a99fa86a23dcd01c6941f1126

SHA1
f17cedf654d0be0134bed5e23e221e0d69a975db

SHA256
21ade130b591dbf0b0933c166bc5d81f7851f6003db31a1f01a578e3dc4a1617

SHA512
12306eecf98084281c54b273b230c4b7d475f98ee6925b3c98a72fe3cfbe9459112a9b762dde6e251ded32e53292e999471191057461cdfb0aefb00229c718ec

Download Submit
memory/4360-4-0x000001E7A5D80000-0x000001E7A6D80000-memory.dmp

Filesize
16.0MB

Download
memory/4360-11-0x000001E7A4740000-0x000001E7A4741000-memory.dmp

Filesize
4KB

Download
memory/4360-13-0x000001E7A5D80000-0x000001E7A6D80000-memory.dmp

Filesize
16.0MB

Download