007370ef1802f2d3466f84a38829747402ce9b4c60e2a6ecd0afb315b04e5b10

Analysis

max time kernel
1487s
max time network
1501s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14-03-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mods/starlight-1.1.2+fabric.dbc156f.jar
Size

124KB
MD5

a0b391bf55891502c2074bd078bb5899
SHA1

a03102cab439cbab5a1d7d72cd7c2b4976ddd421
SHA256

2b4bb0256279b9edeec050ea02751119e4a7c6933a2b0d2905a72c56b14882d8
SHA512

6b0e363fc2d6cd2f73b466ab9ba4f16582bb079b8449b7f3ed6e11aa365734af66a9735a7203cf90f8bc9b24e7ce6409eb04d20f84e04c7c6b8e34f4cc8578bb
SSDEEP

3072:Oyaaf/NtC21+ASXpe7SP29L5EYoXwi3b8fYMkfUVWfT:ORA8Xjk+PQ5EfAw44dT

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1764	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 1764	1788	java.exe	81
PID 1788 wrote to memory of 1764	1788	java.exe	81

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\mods\starlight-1.1.2+fabric.dbc156f.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
c2751988964aafc1b817986de5667afe

SHA1
a618eab823a4cbfa8d6cd2fe61d0cc858c0fe658

SHA256
1c3a957f5b229a1d5ea224ef7ca74c6701c1015261d5765b9c1bf11a47c28e7f

SHA512
22f1550b1bcee487c4614047f465fd916f63f29ff475b1ed16b02b65fc5eb69d0ef542f3ee00d219343353bcef3b25bf11354bf4c356c1022dcdfd5577ab8966

Download Submit
memory/1788-4-0x000001FF830E0000-0x000001FF840E0000-memory.dmp

Filesize
16.0MB

Download
memory/1788-12-0x000001FF830C0000-0x000001FF830C1000-memory.dmp

Filesize
4KB

Download
memory/1788-14-0x000001FF830E0000-0x000001FF840E0000-memory.dmp

Filesize
16.0MB

Download