22889081412dbd4036c4a87c539f23a049e64aa2f850aee4da91464001e01d17

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 12:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

overrides/Flan/WW2-Content+Pack-1.12.2-5.7.2.jar
Size

5.4MB
MD5

0f4b59db4605f5ccab6ece88d22f21b3
SHA1

aa138ecc99bd1d232def1c02b4908448a755e4bd
SHA256

03f59108465c9cbcb916261b973dfd08f9a69e0bf3c1068f4b6304b1d7f0a94b
SHA512

830c002b568becee5a93acaa3bc8a33aa90018b3430a02f8ee747519243efc665649817e16bb035ad0316166930daa2d68ae38724d20695ca2d45d2f345f040a
SSDEEP

98304:KGAZdfeJVpufFNvh7sm0T33zUWVeuRU9abGXQhtwieLsrNjrztUBeCF:UH2nufTvNsm0HzJ9RU0GXQQL4ztzi

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4580	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 4580	828	java.exe	95
PID 828 wrote to memory of 4580	828	java.exe	95

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\overrides\Flan\WW2-Content+Pack-1.12.2-5.7.2.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:828
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4572 --field-trial-handle=2320,i,3025503729105798828,9325691672526736153,262144 --variations-seed-version /prefetch:8
1⤵
PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
b981707eeb1ffb88d3bd81641c1d7587

SHA1
9d3f61871519c3f089225154c994e9ab304cca57

SHA256
955d066ca4060369482d17dcdb6ae55f895c848867f9361a5d59105c55430d6c

SHA512
523bdaa4e186c8185effbff4bbde966e782b81c638fabfc9e7da4113b91d714e3c21f3c7d1c2d4e77bfccee0448e9cbfb595647dce900ca244316d8379f21dfc

Download Submit
memory/828-4-0x000002829E4E0000-0x000002829F4E0000-memory.dmp

Filesize
16.0MB

Download
memory/828-12-0x000002829CCD0000-0x000002829CCD1000-memory.dmp

Filesize
4KB

Download