7d70b19371306e1600e68018971da0ba6c2debaa923a476193f4431ba4d1153e

Analysis

max time kernel
141s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OptiCraft JAVA 1.8.9/mcdata/runtime/lib/ext/cldrdata.jar
Size

3.7MB
MD5

66dcb03f62cdd771f675bae0b9a63b3a
SHA1

a2019916eea73bd047b06cacbbd386eec6052acb
SHA256

b8323e2afbb4f44274465312f1a64a270d102afe7bf55dd25104b0a6c8b607b7
SHA512

92a0734eb458f60f3c5abc09d3928535f2c56a2a7e1d300bcce0211de95b503b7bcc4d86da16ad8aa9e70be851bd8ac7a8db39061de2b3c23ae3e521f2f5addc
SSDEEP

98304:XAFqDfputrofsfAvtGFcJdzNZVdE4TWTJgYOkRi0QjwU:XAFMYoQ4tGFoRfUk0NQEU

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1896	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 1896	3720	java.exe	90
PID 3720 wrote to memory of 1896	3720	java.exe	90

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\OptiCraft JAVA 1.8.9\mcdata\runtime\lib\ext\cldrdata.jar"
1⤵
- Suspicious use of WriteProcessMemory
PID:3720
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
4a385436480ac59e1f2423a10cdaef33

SHA1
1026b38e43727f75528c8e4f2c8a2b979c3c979f

SHA256
072e331f3d6965d13d2fa26493afa3f1b9d3d49ca0f813b4844e4eee10158081

SHA512
509d34cde11aae69b28bca6dd336e944687d52fe00c49a34b85cb54dedee07b39bff88ff0b7d9c166ff43c0d58d5147d8f5e125ab566b1608b4ed26c4b919570

Download Submit
memory/3720-2-0x0000019CEE7E0000-0x0000019CEEA50000-memory.dmp

Filesize
2.4MB

Download
memory/3720-11-0x0000019CEE7C0000-0x0000019CEE7C1000-memory.dmp

Filesize
4KB

Download
memory/3720-13-0x0000019CEE7E0000-0x0000019CEEA50000-memory.dmp

Filesize
2.4MB

Download