924510549c0419dfee32474faedeada3db5530418f1bc0eb44a74f990db3a295

Analysis

max time kernel
0s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
27/06/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wurst-Client-v7.43.1-MC1.21.jar
Size

1.6MB
MD5

229f28a66ba9af06b1d4bfa45c526464
SHA1

89ec3056c6d0a5b6ccbfadcbe268950b194c9163
SHA256

924510549c0419dfee32474faedeada3db5530418f1bc0eb44a74f990db3a295
SHA512

c3ce1b0683d31d69ad5064aebce867c4b41965351f2535105b7ecf87e7e7439ce0924696515e6997b701bef4cafd292a013acccbd127c8cc28c7cdae9db5eacf
SSDEEP

49152:6lnLuR9rLaon74c4tCFze6fmk7h3HDCgi2I:qnLuR9Z34gF66fmkjziR

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2800	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 2800	4612	java.exe	79
PID 4612 wrote to memory of 2800	4612	java.exe	79

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Wurst-Client-v7.43.1-MC1.21.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
92585cf8f66e23281963736dab72a840

SHA1
6f44af5d24d54eec6edf43f2b06ccbb4177fc66f

SHA256
8e190d49030f34662052a34417abd6f1f6da3331975e52f5013712cdcaedb906

SHA512
21b52b6df92b526dd8faba88fcf6142e654b7f0230233a8f0bf0783e71757386756d9205c7edecac528310129ce30f380af3622107c7baa57d446512b3621ddf

Download Submit
memory/4612-2-0x000002811F2A0000-0x000002811F510000-memory.dmp

Filesize
2.4MB

Download
memory/4612-12-0x000002811F280000-0x000002811F281000-memory.dmp

Filesize
4KB

Download
memory/4612-13-0x000002811F2A0000-0x000002811F510000-memory.dmp

Filesize
2.4MB

Download