007370ef1802f2d3466f84a38829747402ce9b4c60e2a6ecd0afb315b04e5b10

Analysis

max time kernel
1478s
max time network
1495s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14-03-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mods/Rrls-1.20-3.0.0-fabric.jar
Size

181KB
MD5

0c966266d63187adaeb51b88e0989ede
SHA1

186996dcda4ae2080e8c199c88c68a44e3959cb2
SHA256

45c1ded74dba1c09dca659019f600e2a19852ba4312cdef6a87afb5824802931
SHA512

a15e991ce8f3720598a47c73b90cfd0807852ed411363d00ed5fe66f5d36eadd13eb8221caf88b6556c86ee903bb60df4ad04ef73b82d4f75e790043190ea21a
SSDEEP

3072:QaKDIJ/MgXuhLo38sT5izH5vKw59DhXNpY71v7JzUHU6LolsKJO+0p4pyVjCJzX:QafagXuGsSi7VKAhXNpY5VzUHfOspsSU

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3140	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 3140	1576	java.exe	82
PID 1576 wrote to memory of 3140	1576	java.exe	82

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\mods\Rrls-1.20-3.0.0-fabric.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
b7e2c607e8c17d4c4f338c5a7f982fee

SHA1
75b243f5ff31f84d231be712a3044ddfe92b89f0

SHA256
79dd45eb488fa9b6b54216a5b9b1179ae3d01e31909b49f9e25e6bfc050431cc

SHA512
06abb6933066cc0d99b74c813404862a7318f181a5629a422e09a319598df444eae39c39bddfa92cfa432605e09d3cc13a92cdaca2b1f6da55710c4e152c70d6

Download Submit
memory/1576-4-0x000001625BBC0000-0x000001625CBC0000-memory.dmp

Filesize
16.0MB

Download
memory/1576-12-0x000001625A3E0000-0x000001625A3E1000-memory.dmp

Filesize
4KB

Download
memory/1576-13-0x000001625BBC0000-0x000001625CBC0000-memory.dmp

Filesize
16.0MB

Download