Overview
overview
10Static
static
10decompiler...or.exe
windows7-x64
7decompiler...or.exe
windows10-2004-x64
7decompiler...obf.py
windows7-x64
3decompiler...obf.py
windows10-2004-x64
3decompiler...ben.py
windows7-x64
3decompiler...ben.py
windows10-2004-x64
3decompiler...ank.py
windows7-x64
3decompiler...ank.py
windows10-2004-x64
3decompiler...ean.py
windows7-x64
3decompiler...ean.py
windows10-2004-x64
3decompiler...una.py
windows7-x64
3decompiler...una.py
windows10-2004-x64
3decompiler...obf.py
windows7-x64
3decompiler...obf.py
windows10-2004-x64
3decompiler...her.py
windows7-x64
3decompiler...her.py
windows10-2004-x64
3decompiler...er.jar
windows7-x64
1decompiler...er.jar
windows10-2004-x64
7decompiler...pycdas
ubuntu-22.04-amd64
1decompiler...as.exe
windows7-x64
1decompiler...as.exe
windows10-2004-x64
1decompiler.../pycdc
ubuntu-24.04-amd64
1decompiler...dc.exe
windows7-x64
1decompiler...dc.exe
windows10-2004-x64
1decompiler...in/upx
ubuntu-24.04-amd64
1decompiler...px.exe
windows7-x64
7decompiler...px.exe
windows10-2004-x64
7decompiler...fig.py
windows7-x64
3decompiler...fig.py
windows10-2004-x64
3decompiler...ile.py
windows7-x64
3decompiler...ile.py
windows10-2004-x64
3decompiler...ion.py
windows7-x64
3Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
01-06-2024 13:54
Behavioral task
behavioral1
Sample
decompiler for malware/GeFrost Exucutor.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
decompiler for malware/GeFrost Exucutor.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
decompiler for malware/Grabbers-Deobfuscator-main/deobf.py
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
decompiler for malware/Grabbers-Deobfuscator-main/deobf.py
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
decompiler for malware/Grabbers-Deobfuscator-main/methods/ben.py
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
decompiler for malware/Grabbers-Deobfuscator-main/methods/ben.py
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
decompiler for malware/Grabbers-Deobfuscator-main/methods/blank.py
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
decompiler for malware/Grabbers-Deobfuscator-main/methods/blank.py
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
decompiler for malware/Grabbers-Deobfuscator-main/methods/empyrean.py
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
decompiler for malware/Grabbers-Deobfuscator-main/methods/empyrean.py
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
decompiler for malware/Grabbers-Deobfuscator-main/methods/luna.py
Resource
win7-20240215-en
Behavioral task
behavioral12
Sample
decompiler for malware/Grabbers-Deobfuscator-main/methods/luna.py
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
decompiler for malware/Grabbers-Deobfuscator-main/methods/notobf.py
Resource
win7-20240220-en
Behavioral task
behavioral14
Sample
decompiler for malware/Grabbers-Deobfuscator-main/methods/notobf.py
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
decompiler for malware/Grabbers-Deobfuscator-main/methods/other.py
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
decompiler for malware/Grabbers-Deobfuscator-main/methods/other.py
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/fernflower.jar
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/fernflower.jar
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/pycdas
Resource
ubuntu2204-amd64-20240522.1-en
Behavioral task
behavioral20
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/pycdas.exe
Resource
win7-20240221-en
Behavioral task
behavioral21
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/pycdas.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral22
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/pycdc
Resource
ubuntu2404-amd64-20240523-en
Behavioral task
behavioral23
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/pycdc.exe
Resource
win7-20240508-en
Behavioral task
behavioral24
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/pycdc.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/upx
Resource
ubuntu2404-amd64-20240523-en
Behavioral task
behavioral26
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/upx.exe
Resource
win7-20240508-en
Behavioral task
behavioral27
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/upx.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral28
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/config.py
Resource
win7-20240220-en
Behavioral task
behavioral29
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/config.py
Resource
win10v2004-20240508-en
Behavioral task
behavioral30
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/decompile.py
Resource
win7-20231129-en
Behavioral task
behavioral31
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/decompile.py
Resource
win10v2004-20240426-en
Behavioral task
behavioral32
Sample
decompiler for malware/Grabbers-Deobfuscator-main/utils/deobfuscation.py
Resource
win7-20240221-en
General
-
Target
decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/fernflower.jar
-
Size
690KB
-
MD5
be01dbc47a455dddfc724d5efe13b490
-
SHA1
0d96a3b0cb32a0e70cc563a2dcdcea5ef61d45b5
-
SHA256
74b609647d74e4ce04e9beef230a7460e74de03bf41703f961bbe704d4938b8f
-
SHA512
4ee6e1b935bc428e16103485da5440ae5b968334f023c7872247d52f1d0c000f8f49bc9101e955999c0338c88d34392f14eff2143c167675f7f5888a0be91094
-
SSDEEP
12288:lSBknFucLVNrGJASNYa5k3qIhOhsioN46D2xFGDwHyhfsYFY5D/:lUcLVNEA0N5kaVhBjGDdhkYUD
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes:
java.exedescription pid process target process PID 2856 wrote to memory of 464 2856 java.exe icacls.exe PID 2856 wrote to memory of 464 2856 java.exe icacls.exe
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar "C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\utils\bin\fernflower.jar"1⤵
- Suspicious use of WriteProcessMemory
PID:2856 -
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M2⤵
- Modifies file permissions
PID:464
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestampFilesize
46B
MD54c2868877d2675e51c28fe69d1a31979
SHA1226a253b4dbccd6c77d55534f3e6adc46ac28f50
SHA2563ff7e6690277c43130bb2e9b8a89784c6ca86aab4d6840d97ec5dd61991081fd
SHA5121925e9d918056319dd8461e76e5202ff84637da8a438722ed7ed48153ec5c412d77d995661f418752b6666e4712758e950dfbd7bc9ec17a35aef855acbf19dba
-
memory/2856-2-0x000001E3EC4D0000-0x000001E3EC740000-memory.dmpFilesize
2.4MB
-
memory/2856-12-0x000001E3EAD00000-0x000001E3EAD01000-memory.dmpFilesize
4KB
-
memory/2856-14-0x000001E3EC4D0000-0x000001E3EC740000-memory.dmpFilesize
2.4MB