Overview

overview

7

Static

static

1

le ze modz.zip

windows7-x64

le ze modz.zip

windows10-2004-x64

1

AquaAcrobatics.jar

windows7-x64

1

AquaAcrobatics.jar

windows10-2004-x64

7

Artifacts.jar

windows7-x64

1

Artifacts.jar

windows10-2004-x64

7

AssetMover.jar

windows7-x64

1

AssetMover.jar

windows10-2004-x64

7

Backpacks.jar

windows7-x64

1

Backpacks.jar

windows10-2004-x64

7

Baubles.jar

windows7-x64

1

Baubles.jar

windows10-2004-x64

7

BetterThirdPerson.jar

windows7-x64

1

BetterThirdPerson.jar

windows10-2004-x64

7

Bookshelf.jar

windows7-x64

1

Bookshelf.jar

windows10-2004-x64

7

BountifulBaubles.jar

windows7-x64

1

BountifulBaubles.jar

windows10-2004-x64

7

ChocolateQ...ed.jar

windows7-x64

1

ChocolateQ...ed.jar

windows10-2004-x64

7

CosmeticAr...ed.jar

windows7-x64

1

CosmeticAr...ed.jar

windows10-2004-x64

7

Crossbow.jar

windows7-x64

1

Crossbow.jar

windows10-2004-x64

7

DeconTable.jar

windows7-x64

1

DeconTable.jar

windows10-2004-x64

7

DisenchanterMod.jar

windows7-x64

1

DisenchanterMod.jar

windows10-2004-x64

7

DummyMod.jar

windows7-x64

1

DummyMod.jar

windows10-2004-x64

7

EerieEntities.jar

windows7-x64

1

EerieEntities.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/04/2024, 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DummyMod.jar

  • Size

    32KB

  • MD5

    fcbb4656fcd9bebe4c69f4c84701289e

  • SHA1

    77ae10c019948bf1aec61b266e870609d8481058

  • SHA256

    def6e04f8ecb9b506447dc52ec0aa8e310c02463caaeb7f73955b612af59c252

  • SHA512

    6926bf60254f9af1ef1050709a75539edd3008c15c329e3562b38ed065d3f9fe27f4a2f81bc9e2e544194fe0dea6fa2af13395a1d74652dfb9445325562a33fc

  • SSDEEP

    768:VuUHhxQIl3v9/slv8dlEqu/ycv1ESF7LVB1znsJ6ZRjZ4mMN06dG4:VuUHhxXl3mlv8dlEquCOL5sJuRjZ/U0m

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\DummyMod.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2684
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2228,i,17475224967547320003,13667387715861799238,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:5096

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
      Filesize

      46B

      MD5

      fb31c3e878982e607397603e0bc05f0a

      SHA1

      d6dfd453e69909733038ed87b1f96217cf2becd6

      SHA256

      e98cda5a34b4ee37ea439b2a00213073ad3b7beb18f2d44061807867b757dd4a

      SHA512

      7f9ac02108f860103c40e8cc9420f679d3aea3efad01f8e05c655d6bedc14dc89c6811a6d86df6ccfcfc5ff1af00ed1ac2da8b2cd8c967bc0c30ed9b8866f675

      Download Submit

    • memory/2920-4-0x0000028980000000-0x0000028981000000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2920-12-0x00000289FEC00000-0x00000289FEC01000-memory.dmp

      Filesize

      4KB

      Download