016cb6981252af64f23141c9e5b2bf15336bd9a72ebac613e79cf0fb81ca78ca

Analysis

max time kernel
142s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

forge-1.20.4-49.0.43-installer.jar
Size

5.2MB
MD5

262df19df9839096a9ba398986282de3
SHA1

7aaf47164241140cb54ae6b4870aa6e5a6a754a8
SHA256

016cb6981252af64f23141c9e5b2bf15336bd9a72ebac613e79cf0fb81ca78ca
SHA512

ca4c4e36ea79deda0e53e7db280c583c7e7ddbf9e176cb4fe6e59264c20699a6e3cd1c15e5a15046b07c2b00c5e1369a2fe52c2899f91700b0145f1687159e09
SSDEEP

98304:ltMyWqmNpnn5UAGyM3fIwdNmnsZ1iEZiSmRXiesoivsULegUDWvfQ:jWqMdna3eU9LrsDWHQ

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2068	icacls.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2912	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2068	2912	java.exe	85
PID 2912 wrote to memory of 2068	2912	java.exe	85

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\forge-1.20.4-49.0.43-installer.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
f2f46fc241f371b2172e201fc059abd5

SHA1
ea180d87c8aee095d03191c4ac1e7b999dfffe31

SHA256
8e4f1e6f55893ac5d6398bd74f466f94c915e868f31aab6fd69c0c88655c3ed0

SHA512
0c65f9381975565c9d5ce0656ae87302c45f2ec07b6af4b9e2f630d01d89f3fca0361e0f8bdf0962e0dda6255e7c3ec55148f01741dd3eab808a9f677f43484d

Download Submit
memory/2912-82-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-125-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-78-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-32-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-38-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-45-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-49-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-58-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-61-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-69-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-72-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-73-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-76-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-79-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-22-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-84-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-12-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-87-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-93-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-95-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-97-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-99-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-104-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-106-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-109-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-113-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-117-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-118-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-119-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download
memory/2912-124-0x0000025083800000-0x0000025083801000-memory.dmp

Filesize
4KB

Download
memory/2912-4-0x0000025085190000-0x0000025086190000-memory.dmp

Filesize
16.0MB

Download