Analysis
- max time kernel: 33s
- max time network: 33s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
- submitted: 04-06-2024 01:20
Static task: static1
Behavioral task: behavioral1
- Sample: earthhack-fabric-1.0.1.jar
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: earthhack-fabric-1.0.1.jar
- Resource: win10v2004-20240508-en
General
- Target: earthhack-fabric-1.0.1.jar
- Size: 6.0MB
- MD5: 2822c65aa075bab9f40c177c26088b71
- SHA1: 64d9e7dbfa04f2d76b3a24b49608b721f65741f9
- SHA256: cf7ac87b097ca8b7f04c1b0e76c23258534b8d9c4af44b9b9af9c4c1ec372408
- SHA512: 7621eb05e45aea7e514284d8a5769e1598e44cd7ba41cfe1b8f41d1204090af9b50cf378d0ee98f53ce4ad0ea6fd63f6bdf6a2cc17635fb131fa941af0949927
- SSDEEP: 98304:LzLNoFvXyRaSV7LPZ6qldNacgKwW57ZU6F4eiOz6Y70DY2LG9qpyslvrEsCAb3:72ARF7LPZNa6y4vmD3LG9qpj4s3b3
Malware Config
Signatures
- Modifies file permissions (1 TTPs, 1 IoCs)
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes: java.exe
  description | pid | process | target process
  PID 548 wrote to memory of 3936 | 548 | java.exe | icacls.exe
  PID 548 wrote to memory of 3936 | 548 | java.exe | icacls.exe
Processes
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\earthhack-fabric-1.0.1.jar
  - Suspicious use of WriteProcessMemory
  PID: 548
- C:\Windows\system32\icacls.exe
  Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  - Modifies file permissions
  PID: 3936
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
- MD5: dd65143d19762cbb04cdb62d1c71fc0f
- SHA1: 73f88959efcffb54cb2d48f92bd5f5acd34e3c0b
- SHA256: 015cdb63b6ad37c35cb8dabdb1b38f4bcb0e8ffb087602b4086ca38b8a4de242
- SHA512: 2eefe6edc44243cf52527cb1f2ef2dc59241194ba5f4196bc5030f41c4f77c8d636dc161c6cad8198e5b6b0ab7c3e47f0db855b33dea27152fc6d41187a04dfe