007370ef1802f2d3466f84a38829747402ce9b4c60e2a6ecd0afb315b04e5b10

Analysis

max time kernel
1470s
max time network
1490s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14-03-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mods/architectury-9.1.13-fabric.jar
Size

568KB
MD5

b1dfdd4028663cbbdc6d5a3feb67d502
SHA1

cece61cb9c763614b690da0db216b052122444c1
SHA256

8edaa1c4162a8f875331e165aed64414d5db36b5995278f4bbeccc482bf490c4
SHA512

3fb2505c740d9d104dc8f2eb66d53739e1d8fd1be0bab1b0c30024229de1d2def84bdc88e1e48163907bccb0c52d076ae2625181e2b4faa6695b7f6fecdc9cff
SSDEEP

12288:T5nq11QEeQgiuijBb521nwmnX9NXG2Wnbxc8dnITtEYHrLUx9nm:T5qlebiukb5MTe28dn8LLUa

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1644	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 1644	2916	java.exe	81
PID 2916 wrote to memory of 1644	2916	java.exe	81

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\mods\architectury-9.1.13-fabric.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
112519cee082891a54fc47405162557b

SHA1
2758fc022c1de48de53eccaefc175204a6dda488

SHA256
7292667c7126283b3d9c6c2fde277ba364c92942b42a66b82417fde6051995e6

SHA512
2e6294e4356e1c5148126d276ab7ceae4cb34e975ca0694c72f8a20f5c1ac19a1149de23179e8abc34c0032b476901638c5e7a972709617f6c25f413a18884c0

Download Submit
memory/2916-4-0x0000014B80000000-0x0000014B81000000-memory.dmp

Filesize
16.0MB

Download
memory/2916-12-0x0000014BFEEC0000-0x0000014BFEEC1000-memory.dmp

Filesize
4KB

Download