908a41f6da93b384000374260d6031c109ce07604ae4b4ce27809b1a18829d17

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 14:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

jei-1.20.1-forge-15.3.0.4.jar
Size

1.1MB
MD5

8f2c0bbb8f691be76f0b44c1d61d94e7
SHA1

1a431d34991d51998f9971c4291bac2d58eaa154
SHA256

908a41f6da93b384000374260d6031c109ce07604ae4b4ce27809b1a18829d17
SHA512

ed6e240182aac592963b1f0bf0252f5f17dded33da6201e8a2eba460a7e25ec8c2d68e9798f858a19e63879867530c77903e491b537ba25d8e0e138b540f50e4
SSDEEP

24576:uPyzRoPsB9V3eWg933WGrVgrQ47iZEDLWUrYTiKNO:uPjsrV3eWmRVgU47iiGUDKNO

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2732	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2732	2240	java.exe	85
PID 2240 wrote to memory of 2732	2240	java.exe	85

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\jei-1.20.1-forge-15.3.0.4.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
ab88de7456c2dd1f6e6f22b9f319fabb

SHA1
43cb38c734b1e130a54b43aac545e6ba24d6976a

SHA256
0e10bbd98d11c00a4a6aedec7fade8ce27c4906b867d03d3c40bf8587227087d

SHA512
12ff3b7f3a01c43d8d2809c1285e4a88be5207c96d47665c10eb20216fd76354a57a44c46d816bd83d3afde6a388f0e1774e8f8bf7e35a9cf46bd72bc17eab55

Download Submit
memory/2240-4-0x0000027CA5E50000-0x0000027CA6E50000-memory.dmp

Filesize
16.0MB

Download
memory/2240-12-0x0000027CA5E30000-0x0000027CA5E31000-memory.dmp

Filesize
4KB

Download