Overview

overview

7

Static

static

3

Nurik/Crac...er.exe

windows10-2004-x64

5

Nurik/clie...36.ps1

windows10-2004-x64

1

Nurik/clie...4e.ps1

windows10-2004-x64

1

Nurik/clie...28.jar

windows10-2004-x64

7

Nurik/clie...17.jar

windows10-2004-x64

7

Nurik/clie....0.jar

windows10-2004-x64

7

Nurik/clie...10.jar

windows10-2004-x64

7

Nurik/clie....1.jar

windows10-2004-x64

7

Nurik/clie....5.jar

windows10-2004-x64

7

Nurik/clie....5.jar

windows10-2004-x64

7

Nurik/clie....3.jar

windows10-2004-x64

7

Nurik/clie...26.jar

windows10-2004-x64

7

Nurik/clie...pc.jar

windows10-2004-x64

7

Nurik/clie....9.jar

windows10-2004-x64

7

Nurik/clie....1.jar

windows10-2004-x64

7

Nurik/clie....0.jar

windows10-2004-x64

7

Nurik/clie....0.jar

windows10-2004-x64

7

Nurik/clie....3.jar

windows10-2004-x64

7

Nurik/clie....2.jar

windows10-2004-x64

7

Nurik/clie....1.jar

windows10-2004-x64

7

Nurik/clie...22.jar

windows10-2004-x64

7

Nurik/jdk/...vm.dll

windows10-2004-x64

1

Nurik/jdk/...en.dll

windows10-2004-x64

1

Nurik/jdk/...ge.dll

windows10-2004-x64

1

Nurik/jdk/...pi.dll

windows10-2004-x64

1

Nurik/jdk/...se.dll

windows10-2004-x64

1

Nurik/jdk/...40.dll

windows10-2004-x64

1

Nurik/jdk/..._1.dll

windows10-2004-x64

1

Nurik/jdk/...fy.dll

windows10-2004-x64

1

Nurik/jdk/...th.dll

windows10-2004-x64

1

Nurik/jdk/...64.dll

windows10-2004-x64

1

Nurik/jdk/bin/zip.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    509s
  • max time network
    652s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 15:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Nurik/client_1_16_5/libraries/datafixerupper-4.0.26.jar

  • Size

    657KB

  • MD5

    2fed12ebc12229db27ac65d998622ba0

  • SHA1

    ebd6690f33871ccee9b6132c6480668ee2e35020

  • SHA256

    58fcc65cf4bde25a70073e574a15cff790df176920dd219291d5649f24417316

  • SHA512

    9a42b869b8d764f2536265b7b15dbe79a472dea1e8008dfcddbf13c226ab75e4905a0a422fbf9aa4bb833494f04194ba4d62f01b90975a947a6a2eb0f2a120df

  • SSDEEP

    12288:JyfWVJtQz3QEQUGJMJvZXAx3S58jYRZfA9R5+jeOSnWazPXEwoSXQc:JyuV3xJyvZXAxjQAh+7VazPXf

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Nurik\client_1_16_5\libraries\datafixerupper-4.0.26.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3700
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4400

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2916-2-0x0000022A325D0000-0x0000022A335D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2916-11-0x0000022A30D70000-0x0000022A30D71000-memory.dmp

      Filesize

      4KB

      Download