b8f38e63ef05c513491c3fc1e3d5f82702f4c75d44934fe59dfeb40f213334ed

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

forge-1.16.4-35.1.37-installer.jar
Size

6.8MB
MD5

c9848d5dcfb557e1e48143aff0d67340
SHA1

8127206a3a3df2ab2f1a5bf16ece0a729755f0cd
SHA256

b8f38e63ef05c513491c3fc1e3d5f82702f4c75d44934fe59dfeb40f213334ed
SHA512

8483920137aab9c0326db046317a359483b92214025052adaa49c8524aa2e0505c1c582606dc2b49c933f5cdb0be31268e51d0bdd3f3348482429039d71710db
SSDEEP

196608:3dAjMvwsg4TA7MZtEwaQqnM0Hf4ohHLDCc9ad:3dvNA7OCJ5nM6f4i/Psd

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
644	icacls.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2824	java.exe
2824	java.exe
2824	java.exe
2824	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 644	2824	java.exe	84
PID 2824 wrote to memory of 644	2824	java.exe	84

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\forge-1.16.4-35.1.37-installer.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
7dc6e964f08185c9b96fcecc58535827

SHA1
c75de69df0ea20fa5ab54bcdeef1279697d4bc87

SHA256
c9453de9f865e841e0baee8fa4b953680dff61c74e0cc4830078c5ef2757b53a

SHA512
4b8ecfcd8a33e4aabd1b397be5dc10b2c072e1769ebd5e5ebfce9754e12d4ae038b29c80b2cbd26da4449cd1ab8555fd839da01b1717e9adb71512a7e41dde33

Download Submit
memory/2824-2-0x0000026F4C0E0000-0x0000026F4C350000-memory.dmp

Filesize
2.4MB

Download
memory/2824-12-0x0000026F4A6B0000-0x0000026F4A6B1000-memory.dmp

Filesize
4KB

Download
memory/2824-15-0x0000026F4C350000-0x0000026F4C360000-memory.dmp

Filesize
64KB

Download
memory/2824-17-0x0000026F4C360000-0x0000026F4C370000-memory.dmp

Filesize
64KB

Download
memory/2824-20-0x0000026F4C370000-0x0000026F4C380000-memory.dmp

Filesize
64KB

Download
memory/2824-22-0x0000026F4C380000-0x0000026F4C390000-memory.dmp

Filesize
64KB

Download
memory/2824-23-0x0000026F4C390000-0x0000026F4C3A0000-memory.dmp

Filesize
64KB

Download
memory/2824-26-0x0000026F4C3A0000-0x0000026F4C3B0000-memory.dmp

Filesize
64KB

Download
memory/2824-27-0x0000026F4C3B0000-0x0000026F4C3C0000-memory.dmp

Filesize
64KB

Download
memory/2824-29-0x0000026F4C3C0000-0x0000026F4C3D0000-memory.dmp

Filesize
64KB

Download
memory/2824-32-0x0000026F4C3D0000-0x0000026F4C3E0000-memory.dmp

Filesize
64KB

Download
memory/2824-37-0x0000026F4C3F0000-0x0000026F4C400000-memory.dmp

Filesize
64KB

Download
memory/2824-36-0x0000026F4C3E0000-0x0000026F4C3F0000-memory.dmp

Filesize
64KB

Download
memory/2824-35-0x0000026F4C0E0000-0x0000026F4C350000-memory.dmp

Filesize
2.4MB

Download
memory/2824-39-0x0000026F4C400000-0x0000026F4C410000-memory.dmp

Filesize
64KB

Download
memory/2824-38-0x0000026F4C350000-0x0000026F4C360000-memory.dmp

Filesize
64KB

Download
memory/2824-42-0x0000026F4C410000-0x0000026F4C420000-memory.dmp

Filesize
64KB

Download
memory/2824-41-0x0000026F4C360000-0x0000026F4C370000-memory.dmp

Filesize
64KB

Download
memory/2824-45-0x0000026F4C370000-0x0000026F4C380000-memory.dmp

Filesize
64KB

Download
memory/2824-46-0x0000026F4C420000-0x0000026F4C430000-memory.dmp

Filesize
64KB

Download
memory/2824-50-0x0000026F4C440000-0x0000026F4C450000-memory.dmp

Filesize
64KB

Download
memory/2824-49-0x0000026F4C430000-0x0000026F4C440000-memory.dmp

Filesize
64KB

Download
memory/2824-48-0x0000026F4C380000-0x0000026F4C390000-memory.dmp

Filesize
64KB

Download
memory/2824-53-0x0000026F4C450000-0x0000026F4C460000-memory.dmp

Filesize
64KB

Download
memory/2824-52-0x0000026F4C390000-0x0000026F4C3A0000-memory.dmp

Filesize
64KB

Download
memory/2824-58-0x0000026F4C460000-0x0000026F4C470000-memory.dmp

Filesize
64KB

Download
memory/2824-57-0x0000026F4C3A0000-0x0000026F4C3B0000-memory.dmp

Filesize
64KB

Download
memory/2824-63-0x0000026F4C470000-0x0000026F4C480000-memory.dmp

Filesize
64KB

Download
memory/2824-62-0x0000026F4C3B0000-0x0000026F4C3C0000-memory.dmp

Filesize
64KB

Download
memory/2824-66-0x0000026F4C3C0000-0x0000026F4C3D0000-memory.dmp

Filesize
64KB

Download
memory/2824-67-0x0000026F4C480000-0x0000026F4C490000-memory.dmp

Filesize
64KB

Download
memory/2824-69-0x0000026F4C3D0000-0x0000026F4C3E0000-memory.dmp

Filesize
64KB

Download
memory/2824-71-0x0000026F4C490000-0x0000026F4C4A0000-memory.dmp

Filesize
64KB

Download
memory/2824-72-0x0000026F4C3E0000-0x0000026F4C3F0000-memory.dmp

Filesize
64KB

Download
memory/2824-74-0x0000026F4C4A0000-0x0000026F4C4B0000-memory.dmp

Filesize
64KB

Download
memory/2824-73-0x0000026F4C3F0000-0x0000026F4C400000-memory.dmp

Filesize
64KB

Download
memory/2824-76-0x0000026F4C400000-0x0000026F4C410000-memory.dmp

Filesize
64KB

Download
memory/2824-77-0x0000026F4C4B0000-0x0000026F4C4C0000-memory.dmp

Filesize
64KB

Download
memory/2824-80-0x0000026F4C4C0000-0x0000026F4C4D0000-memory.dmp

Filesize
64KB

Download
memory/2824-79-0x0000026F4C410000-0x0000026F4C420000-memory.dmp

Filesize
64KB

Download
memory/2824-83-0x0000026F4C4D0000-0x0000026F4C4E0000-memory.dmp

Filesize
64KB

Download
memory/2824-82-0x0000026F4C420000-0x0000026F4C430000-memory.dmp

Filesize
64KB

Download
memory/2824-86-0x0000026F4C430000-0x0000026F4C440000-memory.dmp

Filesize
64KB

Download
memory/2824-88-0x0000026F4C4E0000-0x0000026F4C4F0000-memory.dmp

Filesize
64KB

Download
memory/2824-87-0x0000026F4C440000-0x0000026F4C450000-memory.dmp

Filesize
64KB

Download
memory/2824-90-0x0000026F4C450000-0x0000026F4C460000-memory.dmp

Filesize
64KB

Download
memory/2824-91-0x0000026F4C4F0000-0x0000026F4C500000-memory.dmp

Filesize
64KB

Download
memory/2824-93-0x0000026F4C460000-0x0000026F4C470000-memory.dmp

Filesize
64KB

Download
memory/2824-94-0x0000026F4C500000-0x0000026F4C510000-memory.dmp

Filesize
64KB

Download
memory/2824-101-0x0000026F4C510000-0x0000026F4C520000-memory.dmp

Filesize
64KB

Download
memory/2824-100-0x0000026F4C470000-0x0000026F4C480000-memory.dmp

Filesize
64KB

Download
memory/2824-104-0x0000026F4C520000-0x0000026F4C530000-memory.dmp

Filesize
64KB

Download
memory/2824-103-0x0000026F4C480000-0x0000026F4C490000-memory.dmp

Filesize
64KB

Download
memory/2824-105-0x0000026F4A6B0000-0x0000026F4A6B1000-memory.dmp

Filesize
4KB

Download
memory/2824-107-0x0000026F4C490000-0x0000026F4C4A0000-memory.dmp

Filesize
64KB

Download
memory/2824-108-0x0000026F4C530000-0x0000026F4C540000-memory.dmp

Filesize
64KB

Download
memory/2824-111-0x0000026F4C4A0000-0x0000026F4C4B0000-memory.dmp

Filesize
64KB

Download
memory/2824-112-0x0000026F4C540000-0x0000026F4C550000-memory.dmp

Filesize
64KB

Download
memory/2824-114-0x0000026F4C550000-0x0000026F4C560000-memory.dmp

Filesize
64KB

Download
memory/2824-113-0x0000026F4C4B0000-0x0000026F4C4C0000-memory.dmp

Filesize
64KB

Download
memory/2824-119-0x0000026F4C570000-0x0000026F4C580000-memory.dmp

Filesize
64KB

Download
memory/2824-118-0x0000026F4C560000-0x0000026F4C570000-memory.dmp

Filesize
64KB

Download
memory/2824-117-0x0000026F4C4C0000-0x0000026F4C4D0000-memory.dmp

Filesize
64KB

Download
memory/2824-122-0x0000026F4C580000-0x0000026F4C590000-memory.dmp

Filesize
64KB

Download
memory/2824-121-0x0000026F4C4D0000-0x0000026F4C4E0000-memory.dmp

Filesize
64KB

Download
memory/2824-125-0x0000026F4A6B0000-0x0000026F4A6B1000-memory.dmp

Filesize
4KB

Download
memory/2824-128-0x0000026F4C590000-0x0000026F4C5A0000-memory.dmp

Filesize
64KB

Download
memory/2824-127-0x0000026F4C4E0000-0x0000026F4C4F0000-memory.dmp

Filesize
64KB

Download
memory/2824-132-0x0000026F4C4F0000-0x0000026F4C500000-memory.dmp

Filesize
64KB

Download
memory/2824-133-0x0000026F4C5A0000-0x0000026F4C5B0000-memory.dmp

Filesize
64KB

Download
memory/2824-139-0x0000026F4C5B0000-0x0000026F4C5C0000-memory.dmp

Filesize
64KB

Download
memory/2824-138-0x0000026F4C500000-0x0000026F4C510000-memory.dmp

Filesize
64KB

Download
memory/2824-143-0x0000026F4C5C0000-0x0000026F4C5D0000-memory.dmp

Filesize
64KB

Download
memory/2824-142-0x0000026F4C510000-0x0000026F4C520000-memory.dmp

Filesize
64KB

Download
memory/2824-144-0x0000026F4A6B0000-0x0000026F4A6B1000-memory.dmp

Filesize
4KB

Download
memory/2824-146-0x0000026F4C520000-0x0000026F4C530000-memory.dmp

Filesize
64KB

Download
memory/2824-147-0x0000026F4C5D0000-0x0000026F4C5E0000-memory.dmp

Filesize
64KB

Download
memory/2824-150-0x0000026F4C5E0000-0x0000026F4C5F0000-memory.dmp

Filesize
64KB

Download
memory/2824-149-0x0000026F4C530000-0x0000026F4C540000-memory.dmp

Filesize
64KB

Download
memory/2824-153-0x0000026F4C5F0000-0x0000026F4C600000-memory.dmp

Filesize
64KB

Download
memory/2824-152-0x0000026F4C540000-0x0000026F4C550000-memory.dmp

Filesize
64KB

Download
memory/2824-156-0x0000026F4C600000-0x0000026F4C610000-memory.dmp

Filesize
64KB

Download
memory/2824-155-0x0000026F4C550000-0x0000026F4C560000-memory.dmp

Filesize
64KB

Download
memory/2824-158-0x0000026F4C560000-0x0000026F4C570000-memory.dmp

Filesize
64KB

Download
memory/2824-160-0x0000026F4C610000-0x0000026F4C620000-memory.dmp

Filesize
64KB

Download
memory/2824-159-0x0000026F4C570000-0x0000026F4C580000-memory.dmp

Filesize
64KB

Download
memory/2824-163-0x0000026F4C620000-0x0000026F4C630000-memory.dmp

Filesize
64KB

Download
memory/2824-162-0x0000026F4C580000-0x0000026F4C590000-memory.dmp

Filesize
64KB

Download
memory/2824-168-0x0000026F4C590000-0x0000026F4C5A0000-memory.dmp

Filesize
64KB

Download
memory/2824-169-0x0000026F4C630000-0x0000026F4C640000-memory.dmp

Filesize
64KB

Download
memory/2824-172-0x0000026F4C640000-0x0000026F4C650000-memory.dmp

Filesize
64KB

Download
memory/2824-171-0x0000026F4C5A0000-0x0000026F4C5B0000-memory.dmp

Filesize
64KB

Download
memory/2824-173-0x0000026F4A6B0000-0x0000026F4A6B1000-memory.dmp

Filesize
4KB

Download
memory/2824-175-0x0000026F4C5B0000-0x0000026F4C5C0000-memory.dmp

Filesize
64KB

Download
memory/2824-176-0x0000026F4C650000-0x0000026F4C660000-memory.dmp

Filesize
64KB

Download
memory/2824-179-0x0000026F4C660000-0x0000026F4C670000-memory.dmp

Filesize
64KB

Download
memory/2824-178-0x0000026F4C5C0000-0x0000026F4C5D0000-memory.dmp

Filesize
64KB

Download
memory/2824-180-0x0000026F4A6B0000-0x0000026F4A6B1000-memory.dmp

Filesize
4KB

Download
memory/2824-182-0x0000026F4C5D0000-0x0000026F4C5E0000-memory.dmp

Filesize
64KB

Download
memory/2824-183-0x0000026F4C670000-0x0000026F4C680000-memory.dmp

Filesize
64KB

Download
memory/2824-185-0x0000026F4C5E0000-0x0000026F4C5F0000-memory.dmp

Filesize
64KB

Download
memory/2824-186-0x0000026F4C680000-0x0000026F4C690000-memory.dmp

Filesize
64KB

Download
memory/2824-227-0x0000026F4A6B0000-0x0000026F4A6B1000-memory.dmp

Filesize
4KB

Download