Overview

overview

7

Static

static

6

eleonorev1...432.js

windows7-x64

3

eleonorev1...432.js

windows10-2004-x64

3

eleonorev1...34.jar

windows7-x64

1

eleonorev1...34.jar

windows10-2004-x64

7

Bol Downloader.dll

windows7-x64

1

Bol Downloader.dll

windows10-2004-x64

1

eleonorev1...ypt.js

windows7-x64

3

eleonorev1...ypt.js

windows10-2004-x64

3

eleonorev1...exp.js

windows7-x64

3

eleonorev1...exp.js

windows10-2004-x64

3

eleonorev1...oip.js

windows7-x64

3

eleonorev1...oip.js

windows10-2004-x64

3

eleonorev1...l.html

windows7-x64

1

eleonorev1...l.html

windows10-2004-x64

1

eleonorev1...df.pdf

windows7-x64

1

eleonorev1...df.pdf

windows10-2004-x64

1

eleonorev1...oc.vbs

windows7-x64

1

eleonorev1...oc.vbs

windows10-2004-x64

1

eleonorev1...tat.js

windows7-x64

3

eleonorev1...tat.js

windows10-2004-x64

3

eleonorev1...per.js

windows7-x64

3

eleonorev1...per.js

windows10-2004-x64

3

eleonorev1...4/x.js

windows7-x64

3

eleonorev1...4/x.js

windows10-2004-x64

3

eleonorev1...bb.jar

windows7-x64

1

eleonorev1...bb.jar

windows10-2004-x64

7

eleonorev1...432.js

windows7-x64

3

eleonorev1...432.js

windows10-2004-x64

3

eleonorev1...9d.jar

windows7-x64

1

eleonorev1...9d.jar

windows10-2004-x64

7

eleonorev1...ypt.js

windows7-x64

3

eleonorev1...ypt.js

windows10-2004-x64

3

Analysis

  • max time kernel
    136s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-05-2024 05:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eleonorev1.4.4 mod/fudfiles/8c9d.jar

  • Size

    20KB

  • MD5

    94e99de80c357d01e64abf7dc5bd0ebd

  • SHA1

    1ef2edc4c0dba41a225cb1a0f25b79e49a8ce9cb

  • SHA256

    dc8c2034316653fc9efbdbe30130ef0a6d3d8d55f05dacd9fcdd222ca6949a61

  • SHA512

    1548b565fd899a18c847a2151a36c0c8ab6588deeef85a1eed86fed9ec5d1737d602e6d43caff06cfa5a993836d3839bab335581d16f1b526a2888d025165e68

  • SSDEEP

    384:NsdPuD6x82H9e3ju9WWI8zrLySc+UHrZL0fks:Nsp1diyoWfzwv28s

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\eleonorev1.4.4 mod\fudfiles\8c9d.jar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4628
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:1280

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    fc87715b3980134b6e611a54ce1661a5

    SHA1

    69c9454ef17687de25be7bf91235bc84ed86435d

    SHA256

    432d17138ab81af80646f02da178c9eb1c5970372c0415f20c952dc4159ce414

    SHA512

    c0b7f28f8f15085295136b7b3ee3438531e2cf585893df09003866e0ee7b111d108835cc323b35b47a222b2c1f7049aee070f48ba19d1097c440808d90634945

    Download Submit
  • memory/4628-2-0x00000204A8430000-0x00000204A86A0000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/4628-12-0x00000204A6A00000-0x00000204A6A01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4628-13-0x00000204A8430000-0x00000204A86A0000-memory.dmp
    Filesize

    2.4MB

    Download