Analysis

  • max time kernel
    452s
  • max time network
    1173s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    31-05-2024 17:38

General

  • Target

    Grabbers-Deobfuscator-main/utils/bin/fernflower.jar

  • Size

    690KB

  • MD5

    be01dbc47a455dddfc724d5efe13b490

  • SHA1

    0d96a3b0cb32a0e70cc563a2dcdcea5ef61d45b5

  • SHA256

    74b609647d74e4ce04e9beef230a7460e74de03bf41703f961bbe704d4938b8f

  • SHA512

    4ee6e1b935bc428e16103485da5440ae5b968334f023c7872247d52f1d0c000f8f49bc9101e955999c0338c88d34392f14eff2143c167675f7f5888a0be91094

  • SSDEEP

    12288:lSBknFucLVNrGJASNYa5k3qIhOhsioN46D2xFGDwHyhfsYFY5D/:lUcLVNEA0N5kaVhBjGDdhkYUD

Score
7/10

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Grabbers-Deobfuscator-main\utils\bin\fernflower.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1376
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3308

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    9c26444eb054e3f95d03302e5acf9a64

    SHA1

    2af69d919c0b37447c479238c5a81e2e1d90bf72

    SHA256

    c25aafa7dfaac7e0aeef9617c39f0319ac9d333f088852111fa99622347ba1d1

    SHA512

    cc22143b24676b1576aed2cd3220608e9d65fd52b42b62b5ce96626fb6df159bae9e2a3e59118e5a8674fb8b7e67e88222c10b41b13b0759a05a18cab1b1902c

  • memory/1376-2-0x0000029712930000-0x0000029712BA0000-memory.dmp
    Filesize

    2.4MB

  • memory/1376-13-0x0000029710F60000-0x0000029710F61000-memory.dmp
    Filesize

    4KB

  • memory/1376-14-0x0000029712930000-0x0000029712BA0000-memory.dmp
    Filesize

    2.4MB