Analysis

  • max time kernel
    33s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-06-2024 01:20

General

  • Target

    earthhack-fabric-1.0.1.jar

  • Size

    6.0MB

  • MD5

    2822c65aa075bab9f40c177c26088b71

  • SHA1

    64d9e7dbfa04f2d76b3a24b49608b721f65741f9

  • SHA256

    cf7ac87b097ca8b7f04c1b0e76c23258534b8d9c4af44b9b9af9c4c1ec372408

  • SHA512

    7621eb05e45aea7e514284d8a5769e1598e44cd7ba41cfe1b8f41d1204090af9b50cf378d0ee98f53ce4ad0ea6fd63f6bdf6a2cc17635fb131fa941af0949927

  • SSDEEP

    98304:LzLNoFvXyRaSV7LPZ6qldNacgKwW57ZU6F4eiOz6Y70DY2LG9qpyslvrEsCAb3:72ARF7LPZNa6y4vmD3LG9qpj4s3b3

Score
7/10

Malware Config

Signatures

  • Modifies file permissions (1 TTP, 1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\earthhack-fabric-1.0.1.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:548
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3936
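
The icacls call in the process tree above is what the "Modifies file permissions" signature keys on. The following Python is added here as an illustration; it is not part of the sandbox report. It parses Windows process-creation events (the sample list is constructed, with the first event copied from the tree above) and flags icacls.exe grants of write access to broad principals such as Everyone. On the assumption that a java.exe-spawned grant on C:\ProgramData\Oracle\Java\.oracle_jre_usage is the JRE usage tracker's own directory (the 46-byte .timestamp file listed under Downloads is written there), it ranks that case low and a broad write grant on a system path high. The principal and rights tables, severity labels, path prefixes and the event dictionary layout are this example's own assumptions, not fields of the report.

```python
import re
from dataclasses import dataclass

# Added detection logic, not part of the sandbox report. Flags icacls.exe
# invocations that hand write access to broad principals, and ranks them.

INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}          # icacls inheritance flags, not rights
WRITE_RIGHTS = {"F", "M", "W", "GA", "GW", "WD", "WA"}  # simple/specific rights that permit writing
BROAD_PRINCIPALS = {                                     # assumption: principals worth alerting on
    "everyone", "users", "authenticated users", "builtin\\users",
    "*s-1-1-0", "*s-1-5-11", "*s-1-5-32-545",
}
# Assumption: the Oracle JRE usage tracker's directory; a java.exe grant here is routine.
JRE_USAGE_DIR = r"c:\programdata\oracle\java\.oracle_jre_usage"
SYSTEM_PREFIXES = (r"c:\windows", r"c:\program files (x86)", r"c:\program files")

# /grant[:r] <principal>:<perm>   principal may be quoted ("authenticated users")
GRANT_RE = re.compile(r'/grant(?::r)?\s+(?:"([^"]+)"|([^\s:"]+)):(\S+)', re.IGNORECASE)
# first argument after icacls[.exe] is the target path, optionally quoted
TARGET_RE = re.compile(r'icacls(?:\.exe)?"?\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


@dataclass
class Finding:
    pid: int
    parent_image: str
    target: str
    principal: str
    rights: set
    severity: str
    note: str


def parse_rights(perm: str) -> set:
    """Turn '(OI)(CI)M', 'F', '(F)' or '(WD,WA)' into the set of rights, dropping inheritance flags."""
    rights = set()
    for paren, bare in re.findall(r"\(([^)]*)\)|([A-Za-z,]+)", perm):
        for tok in (paren or bare).split(","):
            tok = tok.strip().upper()
            if tok and tok not in INHERIT_FLAGS:
                rights.add(tok)
    return rights


def inspect_event(event: dict):
    """Return a Finding for a broad write grant via icacls, else None."""
    if not event["image"].lower().endswith("icacls.exe"):
        return None
    cmd = event["command_line"]
    grant, target = GRANT_RE.search(cmd), TARGET_RE.search(cmd)
    if not grant or not target:
        return None
    principal = (grant.group(1) or grant.group(2)).lower()
    rights = parse_rights(grant.group(3))
    path = (target.group(1) or target.group(2)).lower()
    if principal not in BROAD_PRINCIPALS or not (rights & WRITE_RIGHTS):
        return None
    if path.startswith(JRE_USAGE_DIR) and event["parent_image"].lower().endswith("java.exe"):
        severity, note = "low", "JRE usage-tracker directory written by java.exe (assumed benign)"
    elif path.startswith(SYSTEM_PREFIXES):
        severity, note = "high", "broad write grant on a system path"
    else:
        severity, note = "medium", "broad write grant outside system paths"
    return Finding(event["pid"], event["parent_image"], path, principal, rights, severity, note)


def scan(events):
    return [f for f in map(inspect_event, events) if f is not None]


# Constructed sample events; the first is copied from the report's process tree.
SAMPLE_EVENTS = [
    {"pid": 3936,
     "parent_image": r"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe",
     "image": r"C:\Windows\system32\icacls.exe",
     "command_line": r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M'},
    {"pid": 4100, "parent_image": r"C:\Windows\explorer.exe",          # constructed: per-user read grant, must not fire
     "image": r"C:\Windows\system32\icacls.exe",
     "command_line": r"icacls.exe C:\Users\Admin\Documents\notes.txt /grant Admin:R"},
    {"pid": 4212, "parent_image": r"C:\Windows\system32\cmd.exe",      # constructed: the pattern that matters
     "image": r"C:\Windows\system32\icacls.exe",
     "command_line": r'icacls.exe "C:\Windows\System32\drivers" /grant Everyone:(OI)(CI)F'},
    {"pid": 548, "parent_image": r"C:\Windows\explorer.exe",           # not icacls at all
     "image": r"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe",
     "command_line": r"java -jar C:\Users\Admin\AppData\Local\Temp\earthhack-fabric-1.0.1.jar"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] pid={f.pid} {f.principal} -> {sorted(f.rights)} on {f.target}: {f.note}")
```

Run against the sample, the report's own icacls line comes out as a low-severity hit and only the constructed Everyone:F grant on C:\Windows\System32\drivers reaches high; the same parser applies to Sysmon Event ID 1 or Security 4688 command lines once they are mapped into the event dictionary shape used here.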

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

    Filesize

    46B

    MD5

    dd65143d19762cbb04cdb62d1c71fc0f

    SHA1

    73f88959efcffb54cb2d48f92bd5f5acd34e3c0b

    SHA256

    015cdb63b6ad37c35cb8dabdb1b38f4bcb0e8ffb087602b4086ca38b8a4de242

    SHA512

    2eefe6edc44243cf52527cb1f2ef2dc59241194ba5f4196bc5030f41c4f77c8d636dc161c6cad8198e5b6b0ab7c3e47f0db855b33dea27152fc6d41187a04dfe

  • memory/548-2-0x0000011318610000-0x0000011318880000-memory.dmp

    Filesize

    2.4MB

  • memory/548-11-0x00000113185F0000-0x00000113185F1000-memory.dmp

    Filesize

    4KB

  • memory/548-13-0x0000011318610000-0x0000011318880000-memory.dmp

    Filesize

    2.4MB