007370ef1802f2d3466f84a38829747402ce9b4c60e2a6ecd0afb315b04e5b10

Analysis

max time kernel
1414s
max time network
1182s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14-03-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mods/modmenu-7.2.1.jar
Size

703KB
MD5

fcfeba48cf658e1e1b0c655eeb3e6255
SHA1

ccaa15132f3e21307736d16fc160d064cc539e8c
SHA256

885ebe63b677d76c2d780fc996089bf3a573c6dc80e02337e1cfba213085cf57
SHA512

bcf9f30825d51e55ed5edef77b481a8e42ba61e6b78e32b6258ce86aaf4cfe812c4bd81595c5acebc65c876ae5b9840a7fb57d8ad7d26229c74b49c1b530e76f
SSDEEP

12288:pLCQnpwblgR8rpOl1+4ST/JZXH/wOsU0h4e2CNwj:lCQn6GR8rpOl1HS7fIOsf4NVj

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2816	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 2816	2556	java.exe	81
PID 2556 wrote to memory of 2816	2556	java.exe	81

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\mods\modmenu-7.2.1.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
be5a1ce7f168893472359fd36eaf0cb1

SHA1
d88d5363f216ec64d6916baf071ea753a53d7317

SHA256
96705b121f9eb581ffdce3839ef9381001576b07b3ba62b6a4e401b027a08b4b

SHA512
32a4c84f97c03f1e8340882522974b25607fede9daced58e0a06d95fa6e592e2110b2bcf5cc5b36dea46a12944689e562e7f30f9de8eb8c252d4a6c2a3e63ef6

Download Submit
memory/2556-4-0x000001D84BCB0000-0x000001D84CCB0000-memory.dmp

Filesize
16.0MB

Download
memory/2556-11-0x000001D84BC90000-0x000001D84BC91000-memory.dmp

Filesize
4KB

Download
memory/2556-13-0x000001D84BCB0000-0x000001D84CCB0000-memory.dmp

Filesize
16.0MB

Download