Analysis
- max time kernel: 137s
- max time network: 162s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-05-2024 01:01
Static task
static1
Behavioral task
behavioral1
Sample
WBNS X FNF V1/WBNS X FNF.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
WBNS X FNF V1/WBNS X FNF.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
WBNS X FNF V1/libvlc.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
WBNS X FNF V1/libvlc.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
WBNS X FNF V1/libvlccore.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
WBNS X FNF V1/libvlccore.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
WBNS X FNF V1/lime.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
WBNS X FNF V1/lime.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
WBNS X FNF V1/mods/All wbns/scripts/optimization.js
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
WBNS X FNF V1/mods/All wbns/scripts/optimization.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
WBNS X FNF V1/mods/Unwebonable/extra_scripts/extraCharacter.js
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
WBNS X FNF V1/mods/Unwebonable/extra_scripts/extraCharacter.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
WBNS X FNF V1/plugins/access/libaccess_concat_plugin.dll
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
WBNS X FNF V1/plugins/access/libaccess_concat_plugin.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
WBNS X FNF V1/plugins/access/libaccess_imem_plugin.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
WBNS X FNF V1/plugins/access/libaccess_imem_plugin.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
WBNS X FNF V1/plugins/access/libaccess_mms_plugin.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
WBNS X FNF V1/plugins/access/libaccess_mms_plugin.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
WBNS X FNF V1/plugins/access/libaccess_realrtsp_plugin.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
WBNS X FNF V1/plugins/access/libaccess_realrtsp_plugin.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
WBNS X FNF V1/plugins/access/libaccess_srt_plugin.dll
Resource
win7-20240215-en
Behavioral task
behavioral22
Sample
WBNS X FNF V1/plugins/access/libaccess_srt_plugin.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
WBNS X FNF V1/plugins/access/libaccess_wasapi_plugin.dll
Resource
win7-20240220-en
Behavioral task
behavioral24
Sample
WBNS X FNF V1/plugins/access/libaccess_wasapi_plugin.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
WBNS X FNF V1/plugins/access/libattachment_plugin.dll
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
WBNS X FNF V1/plugins/access/libattachment_plugin.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
WBNS X FNF V1/plugins/access/libbluray-awt-j2se-1.3.2.jar
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
WBNS X FNF V1/plugins/access/libbluray-awt-j2se-1.3.2.jar
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
WBNS X FNF V1/plugins/access/libbluray-j2se-1.3.2.jar
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
WBNS X FNF V1/plugins/access/libbluray-j2se-1.3.2.jar
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
WBNS X FNF V1/plugins/access/libcdda_plugin.dll
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
WBNS X FNF V1/plugins/access/libcdda_plugin.dll
Resource
win10v2004-20240426-en
General
- Target: WBNS X FNF V1/plugins/access/libbluray-awt-j2se-1.3.2.jar
- Size: 68KB
- MD5: 5b8dc68b7a41a3f64f7c630b6ad50578
- SHA1: e64eaeb45b1e15071f660dda489225e11a72100c
- SHA256: 6ee22bfa0801fe733d769d1a9fb7264185986f8f4f0459408264b043851684bc
- SHA512: 7db252a8e5187d0709e34e7e7bc534e2f6946bb73d5550a4bd2f0ed768ca2b5d8e8606a4f6a373220e65cda48f82aca84f77e227b0c832a064829add527c489c
- SSDEEP: 1536:vsYBIlvwdVTCcXaqWoHIOACjEcAbkUbCvj4x+UdQ/w4BgPgau:UYTdkoJA1zbk2WMx/z4BgK
Malware Config
Signatures
- Modifies file permissions (1 TTPs, 1 IoCs)
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes: java.exe
  description | pid | process | target process
  PID 1144 wrote to memory of 2344 | 1144 | java.exe | icacls.exe
  PID 1144 wrote to memory of 2344 | 1144 | java.exe | icacls.exe
Processes
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -jar "C:\Users\Admin\AppData\Local\Temp\WBNS X FNF V1\plugins\access\libbluray-awt-j2se-1.3.2.jar"
  - Suspicious use of WriteProcessMemory
  PID: 1144
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  - Modifies file permissions
  PID: 2344
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
  MD5: 3211f5df89765a7779e0c9382778e890
  SHA1: f4b98ef1b9191265700f94e0a7da5bacfd576c01
  SHA256: 0a6e0087edf5025c118c3cf72eba603cf385ff971c21b22b7c580446fede1d71
  SHA512: 8c2b964f14d5b6faf317559718b443676c70fb3600731952ec5a7bfa786de34df6c218a0bdd6609b7a00657a1ce99fad4c66fc21ede8b6973142d6ba3eec8fff