efc4070f2011b94c9c6fee851b6299477f0dfd7f62b50537c7f609cb8265b8b8

Analysis

max time kernel
17s
max time network
21s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 22:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

FlashCrystalOptimizer_1.20.x_1.jar
Size

918KB
MD5

e26a9063b872d0e9e3a6ad0a7f1a6b81
SHA1

1d6250695aea97ea776da0580750ce3c0b47f947
SHA256

efc4070f2011b94c9c6fee851b6299477f0dfd7f62b50537c7f609cb8265b8b8
SHA512

d19de582a19007f37351be1203994b892eb148fd15d9ae240ca42bea705de00b8b96076f5e0d48adf6f606c809b823d9f2cf3c41bffde159012aa7fce33f3286
SSDEEP

12288:zIaarRPNRxFKOcmgm5Iagj/b82+7x1W8WANWkZQMwmtrQ+VNPcd48+IzUjirYsTx:/y5LxTAagj/bR+n9MKmcIzTr98v3LDy

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4284	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 4284	3732	java.exe	84
PID 3732 wrote to memory of 4284	3732	java.exe	84

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\FlashCrystalOptimizer_1.20.x_1.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
582c6c6eb4c854b524636e56a1b047e4

SHA1
91b1930eb97547ff45b17335530ad38805d16299

SHA256
d1b682ecc5b6e2bf42e76e5b679e84a42e0dcecf72b27fbff37de721af7d1a65

SHA512
dbff1d314aa43a7512ef8ecf975bed7872ebd6d62512ad05b78cbf4de51e57d1d4897351ad57b8589ca5f947682e33de7751e79770dcaf91938b9b37f2f843bc

Download Submit
memory/3732-2-0x000001ACDCE90000-0x000001ACDD100000-memory.dmp

Filesize
2.4MB

Download
memory/3732-12-0x000001ACDB590000-0x000001ACDB591000-memory.dmp

Filesize
4KB

Download
memory/3732-13-0x000001ACDCE90000-0x000001ACDD100000-memory.dmp

Filesize
2.4MB

Download