409b2c1120c94dd076b70c97d6d8ecf7d6a07bc5328f2cabf8c77ae5fdd9bfbb

Resubmissions

10/04/2024, 14:09

240410-rglekaae67 1

10/04/2024, 14:08

240410-rfycqsae35 1

10/04/2024, 14:05

240410-rd1ebade4z 7

Analysis

max time kernel
42s
max time network
61s
platform
windows11-21h2_x64
resource
win11-20240319-en
resource tags

arch:x64arch:x86image:win11-20240319-enlocale:en-usos:windows11-21h2-x64system
submitted
10/04/2024, 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FreeVBucks.jar
Size

8KB
MD5

beed358e0cd7f27fe71f2d8662344c90
SHA1

09b70e97e88dcb75943a5053aafd7ffef063bdc1
SHA256

409b2c1120c94dd076b70c97d6d8ecf7d6a07bc5328f2cabf8c77ae5fdd9bfbb
SHA512

68f9d2a8b1bdfc7caeae6fdf19bb1f51af3abeba1e4ece2974f7dd280bcfef2d0ac2e780b50910d8908d874427fee616ae71a02e28e2e6b54b50cd6ff01d80b6
SSDEEP

192:rGLStammxQZmn46v59kKmqiiNjbbTY63lKxtnsDDXBFCNqrCU:rGCWlBDmTiN//VKPsDD3yqH

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2208	icacls.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1233663403-1277323514-675434005-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3540	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2208	2800	java.exe	82
PID 2800 wrote to memory of 2208	2800	java.exe	82

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\FreeVBucks.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2208

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
da8b15cb300b5415cb6e1ffeecd28f2c

SHA1
614dc754071eede190868349e8eb563c67683796

SHA256
7e8292bfe9cb2c6540af536e585344ee8099333c049a5ca583c9497b7ff2c585

SHA512
7e39828d19041a71cadd863985c936b73c7384235cc9bc1a42418c7f3a271d5efad737d8481e79eee65fb8c840d0cdb964e53ac2b1404aaebbae02aad8d3d1fb

Download Submit
memory/2800-4-0x0000026D57410000-0x0000026D58410000-memory.dmp

Filesize
16.0MB

Download
memory/2800-13-0x0000026D55DC0000-0x0000026D55DC1000-memory.dmp

Filesize
4KB

Download
memory/2800-14-0x0000026D57410000-0x0000026D58410000-memory.dmp

Filesize
16.0MB

Download