Overview

overview

7

Static

static

1

le ze modz.zip

windows7-x64

le ze modz.zip

windows10-2004-x64

1

AquaAcrobatics.jar

windows7-x64

1

AquaAcrobatics.jar

windows10-2004-x64

7

Artifacts.jar

windows7-x64

1

Artifacts.jar

windows10-2004-x64

7

AssetMover.jar

windows7-x64

1

AssetMover.jar

windows10-2004-x64

7

Backpacks.jar

windows7-x64

1

Backpacks.jar

windows10-2004-x64

7

Baubles.jar

windows7-x64

1

Baubles.jar

windows10-2004-x64

7

BetterThirdPerson.jar

windows7-x64

1

BetterThirdPerson.jar

windows10-2004-x64

7

Bookshelf.jar

windows7-x64

1

Bookshelf.jar

windows10-2004-x64

7

BountifulBaubles.jar

windows7-x64

1

BountifulBaubles.jar

windows10-2004-x64

7

ChocolateQ...ed.jar

windows7-x64

1

ChocolateQ...ed.jar

windows10-2004-x64

7

CosmeticAr...ed.jar

windows7-x64

1

CosmeticAr...ed.jar

windows10-2004-x64

7

Crossbow.jar

windows7-x64

1

Crossbow.jar

windows10-2004-x64

7

DeconTable.jar

windows7-x64

1

DeconTable.jar

windows10-2004-x64

7

DisenchanterMod.jar

windows7-x64

1

DisenchanterMod.jar

windows10-2004-x64

7

DummyMod.jar

windows7-x64

1

DummyMod.jar

windows10-2004-x64

7

EerieEntities.jar

windows7-x64

1

EerieEntities.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-04-2024 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Backpacks.jar

  • Size

    230KB

  • MD5

    575669bf0854451ca8e0d2a80869b0c9

  • SHA1

    081807b00c859d209aafda8622f2126316d10c25

  • SHA256

    f0c699d83808fe952357b77b5396746cf55b7bdbe28a43800ba3a1f1091df41e

  • SHA512

    66ce6bf4e03dedffc3c3cc21b4dc4ba0a19ded371f450145ed071119888f2a31490092f8b0fb9fa67fcc45eb8b5b35768d8b4ebdeb5d0e8c661d590cef03a6ed

  • SSDEEP

    3072:N1PWMTQNJyBr+u+03218+PXR6+o9K1GUR4I8QlCKLp1qccOxcyN2TehK01Tvh0K:3MOB+5q+PXR6+kK1BR5tCi1qOxnZ4m0K

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Backpacks.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1072
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    4357a4ade69310489e3f1b5411b88d71

    SHA1

    66f6731a06a14725c8f9ecd306bee74b84863265

    SHA256

    3771b8b32000decb7f88a7ace1fd949b8272712f80a2d55982d387cf998a2921

    SHA512

    f8c6765592a4639a3ea7a4a8ab2f7e637749ee8226a7b1625adaf00d61dcae52b91be0b6be820959890e97fd36dc883dcdf51ade5a490a99d4d862b60113844d

    Download Submit

  • memory/1072-4-0x00000249C8030000-0x00000249C9030000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1072-12-0x00000249C8010000-0x00000249C8011000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1072-13-0x00000249C8030000-0x00000249C9030000-memory.dmp

    Filesize

    16.0MB

    Download