007370ef1802f2d3466f84a38829747402ce9b4c60e2a6ecd0afb315b04e5b10

Analysis

max time kernel
1480s
max time network
1508s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14-03-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mods/voicechat-fabric-1.20.1-2.4.16.jar
Size

7.6MB
MD5

45d4c3da755478f077a1f116f7957177
SHA1

655fe4516dc73126046bd258b7c69a5010e69287
SHA256

e38e0b520b64938d907e4bab715ef0abda1822227c00aae12418ac8fb53e828b
SHA512

f41fc5a6bcddadeac0fc639eb0dc8fc47cdef06038bb4745cc83d70492e419751bf2fe563b37389565497898225cf790b4ff4d08b99954321b623ea1ba274952
SSDEEP

196608:X1qFozxKwfqQmz/8StDxhVG87NsHfcY2GHFPZwqU9yOrJF:gOfdmz/1tGQY2GHfC9zlF

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2532	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2532	2148	java.exe	82
PID 2148 wrote to memory of 2532	2148	java.exe	82

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\mods\voicechat-fabric-1.20.1-2.4.16.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
396080a85f0fd04374fdcd57b8df8b86

SHA1
07bcdc8ce490ceb7dd0164c3038d23ecab08fed7

SHA256
0acc292bc374ac9c047a387b55f2446f52ade07d54fa9446322059db3b1d6cfa

SHA512
f4c3abf4426c3cc68984b33683bc70652856260f144647ef36c8188465930a01a8b214a3203d97c5d0043f4b2f543d4cd69ca40eb603877bec73eae9b92f139f

Download Submit
memory/2148-4-0x000001FE85670000-0x000001FE86670000-memory.dmp

Filesize
16.0MB

Download
memory/2148-12-0x000001FE83DA0000-0x000001FE83DA1000-memory.dmp

Filesize
4KB

Download
memory/2148-13-0x000001FE85670000-0x000001FE86670000-memory.dmp

Filesize
16.0MB

Download