7d70b19371306e1600e68018971da0ba6c2debaa923a476193f4431ba4d1153e

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03-05-2024 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OptiCraft JAVA 1.8.9/mcdata/runtime/lib/ext/nashorn.jar
Size

1.9MB
MD5

363a4d6f6b3b7a26d0155eb898def83c
SHA1

5832612be21063357b69a86065945a574d966639
SHA256

bfa6029e713566436906ba4e632b283b47d24f2a08a97a7015d84f86c0a8e383
SHA512

90eab69338d913ad4bf3a6affe117c46a4d8884c78c333da97c43dfab09b53d9681505f50dacfacb821f12bd4d17ebe1e681729d9ec2c8c54bec9538ec1624ed
SSDEEP

24576:oyGrkOzr6Tn/7PjuxPIeX0r8JmxPTvC49FBruaOhhJ4RJlnrm9c5gz80F3hsJIh+:ojr5enrheXS8K7pXQARJlrJ5k8s35c

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4656	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4008 wrote to memory of 4656	4008	java.exe	88
PID 4008 wrote to memory of 4656	4008	java.exe	88

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\OptiCraft JAVA 1.8.9\mcdata\runtime\lib\ext\nashorn.jar"
1⤵
- Suspicious use of WriteProcessMemory
PID:4008
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
1a6e8504415d50cc5b6c1099bb5b5c04

SHA1
5f2fb54924b9b41a7f7dea641775647e5e0c0bf6

SHA256
dfe805d3b5c2a9c35dd080bd4e5f94e1056f9c0872636149faea9e9842ea8b5f

SHA512
fc335ecaa67c1321f38484bdee795dcd909b7dda4850b8db7d7f531a327c7c69cb76fe6553e6838a83b088c7770dea400dcf6552d06fbbdc73cb8f888579b674

Download Submit
memory/4008-31-0x000001B1A0950000-0x000001B1A0960000-memory.dmp

Filesize
64KB

Download
memory/4008-15-0x000001B1A08F0000-0x000001B1A0900000-memory.dmp

Filesize
64KB

Download
memory/4008-41-0x000001B1A09B0000-0x000001B1A09C0000-memory.dmp

Filesize
64KB

Download
memory/4008-17-0x000001B1A0900000-0x000001B1A0910000-memory.dmp

Filesize
64KB

Download
memory/4008-19-0x000001B1A0910000-0x000001B1A0920000-memory.dmp

Filesize
64KB

Download
memory/4008-21-0x000001B1A0920000-0x000001B1A0930000-memory.dmp

Filesize
64KB

Download
memory/4008-24-0x000001B1A0930000-0x000001B1A0940000-memory.dmp

Filesize
64KB

Download
memory/4008-30-0x000001B1A0940000-0x000001B1A0950000-memory.dmp

Filesize
64KB

Download
memory/4008-35-0x000001B1A0990000-0x000001B1A09A0000-memory.dmp

Filesize
64KB

Download
memory/4008-38-0x000001B1A09A0000-0x000001B1A09B0000-memory.dmp

Filesize
64KB

Download
memory/4008-34-0x000001B1A0980000-0x000001B1A0990000-memory.dmp

Filesize
64KB

Download
memory/4008-33-0x000001B1A0970000-0x000001B1A0980000-memory.dmp

Filesize
64KB

Download
memory/4008-32-0x000001B1A0960000-0x000001B1A0970000-memory.dmp

Filesize
64KB

Download
memory/4008-2-0x000001B1A0670000-0x000001B1A08E0000-memory.dmp

Filesize
2.4MB

Download
memory/4008-55-0x000001B1A09A0000-0x000001B1A09B0000-memory.dmp

Filesize
64KB

Download
memory/4008-14-0x000001B1A08E0000-0x000001B1A08F0000-memory.dmp

Filesize
64KB

Download
memory/4008-40-0x000001B1A08E0000-0x000001B1A08F0000-memory.dmp

Filesize
64KB

Download
memory/4008-42-0x000001B1A0650000-0x000001B1A0651000-memory.dmp

Filesize
4KB

Download
memory/4008-44-0x000001B1A08F0000-0x000001B1A0900000-memory.dmp

Filesize
64KB

Download
memory/4008-45-0x000001B1A0900000-0x000001B1A0910000-memory.dmp

Filesize
64KB

Download
memory/4008-46-0x000001B1A0910000-0x000001B1A0920000-memory.dmp

Filesize
64KB

Download
memory/4008-47-0x000001B1A0920000-0x000001B1A0930000-memory.dmp

Filesize
64KB

Download
memory/4008-48-0x000001B1A0930000-0x000001B1A0940000-memory.dmp

Filesize
64KB

Download
memory/4008-49-0x000001B1A0940000-0x000001B1A0950000-memory.dmp

Filesize
64KB

Download
memory/4008-50-0x000001B1A0950000-0x000001B1A0960000-memory.dmp

Filesize
64KB

Download
memory/4008-53-0x000001B1A0980000-0x000001B1A0990000-memory.dmp

Filesize
64KB

Download
memory/4008-52-0x000001B1A0970000-0x000001B1A0980000-memory.dmp

Filesize
64KB

Download
memory/4008-51-0x000001B1A0960000-0x000001B1A0970000-memory.dmp

Filesize
64KB

Download
memory/4008-54-0x000001B1A0990000-0x000001B1A09A0000-memory.dmp

Filesize
64KB

Download
memory/4008-39-0x000001B1A0670000-0x000001B1A08E0000-memory.dmp

Filesize
2.4MB

Download