34e4ec423fd298bc5d0d0a8e73b989cbe7edde061ab41abe94ab53a94f4a9631

Analysis

max time kernel
152s
max time network
39s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27/12/2022, 06:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

burpsuite_community_windows-x64_v1_7_29.exe
Size

90.4MB
MD5

ed564ff8629732040c3105a65d3d8372
SHA1

4913445f17c3bed1dab3373fcf0c8be04165d756
SHA256

34e4ec423fd298bc5d0d0a8e73b989cbe7edde061ab41abe94ab53a94f4a9631
SHA512

a66f78ae1f404ba37c45e823b2bf9c4a5ee7dcbb4ef1c23a8f84e79e8d18a4c3b3f56e4b0b02241b99912142036504e6b0d4a1e305d1e3242817c900e5d72029
SSDEEP

1572864:QP52DNCyqc4zUj0Ht1e7NjtXe+eh1P5IKW0qiT6BNL/LYrkpG:QR2DE1DUA/KNjdeFnRIx09aNjkkpG

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
972	java.exe

Loads dropped DLL 16 IoCs

pid	Process
2008	burpsuite_community_windows-x64_v1_7_29.exe
2008	burpsuite_community_windows-x64_v1_7_29.exe
2008	burpsuite_community_windows-x64_v1_7_29.exe
972	java.exe
972	java.exe
972	java.exe
972	java.exe
972	java.exe
972	java.exe
2008	burpsuite_community_windows-x64_v1_7_29.exe
2008	burpsuite_community_windows-x64_v1_7_29.exe
2008	burpsuite_community_windows-x64_v1_7_29.exe
2008	burpsuite_community_windows-x64_v1_7_29.exe
2008	burpsuite_community_windows-x64_v1_7_29.exe
2008	burpsuite_community_windows-x64_v1_7_29.exe
2008	burpsuite_community_windows-x64_v1_7_29.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
692	icacls.exe
904	icacls.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2008	burpsuite_community_windows-x64_v1_7_29.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 972	2008	burpsuite_community_windows-x64_v1_7_29.exe	28
PID 2008 wrote to memory of 972	2008	burpsuite_community_windows-x64_v1_7_29.exe	28
PID 2008 wrote to memory of 972	2008	burpsuite_community_windows-x64_v1_7_29.exe	28
PID 972 wrote to memory of 692	972	java.exe	30
PID 972 wrote to memory of 692	972	java.exe	30
PID 972 wrote to memory of 692	972	java.exe	30
PID 972 wrote to memory of 904	972	java.exe	31
PID 972 wrote to memory of 904	972	java.exe	31
PID 972 wrote to memory of 904	972	java.exe	31

C:\Users\Admin\AppData\Local\Temp\burpsuite_community_windows-x64_v1_7_29.exe
"C:\Users\Admin\AppData\Local\Temp\burpsuite_community_windows-x64_v1_7_29.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2008
- \??\c:\users\admin\appdata\local\temp\E4J297~1.TMP\jre\bin\java.exe
  c:\users\admin\appdata\local\temp\E4J297~1.TMP\jre\bin\java.exe -version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:972
- - C:\Windows\system32\icacls.exe
    icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:692
- - C:\Windows\system32\icacls.exe
    icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage\9db7d75143e5c6d1.timestamp /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:904

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\9db7d75143e5c6d1.timestamp

Filesize
80B

MD5
56f0a2307fdc7a0adc669f2dcf4af865

SHA1
1c4f3fa85cbfdd978dcba05fb0799464fd61e534

SHA256
11b205cbd48bc369b72a43b305ceff80b450b49b82c38c0b3e1d3283c9104378

SHA512
1262df657dba332df0e3187da1a9ab6f9eda4240cb059b0f73c1647490f4985f9a32f30d0b9fe955f3b415b561e6e54967da77f54e03345cf92ca8c1012c7914

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\9db7d75143e5c6d1.timestamp

Filesize
80B

MD5
56f0a2307fdc7a0adc669f2dcf4af865

SHA1
1c4f3fa85cbfdd978dcba05fb0799464fd61e534

SHA256
11b205cbd48bc369b72a43b305ceff80b450b49b82c38c0b3e1d3283c9104378

SHA512
1262df657dba332df0e3187da1a9ab6f9eda4240cb059b0f73c1647490f4985f9a32f30d0b9fe955f3b415b561e6e54967da77f54e03345cf92ca8c1012c7914

Download Submit
C:\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\java.exe

Filesize
202KB

MD5
e790ddf15d5f5880742e43e44b9725bb

SHA1
07cbce9fd809c024876a96a1ac03119036c2b810

SHA256
fffaf2ddf236b0a7c1ec8e94a26dd91dc0380e584a0ae98c94c3933eacd188cb

SHA512
fbfe5957b4aa4a1c34fbe3b9d64fe97df26502b08378a2b87622f3b293493b640a84a1c332f9fcdb83123bfdcae73d2893cedb04c1de0f581a740b838182ddea

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j2972.tmp_dir1672125440\jre\lib\rt.jar

Filesize
60.7MB

MD5
34ea12c32799745c8bab2a0a29b223e3

SHA1
948c5e67a093ec2c34fb995dcc71daa51a9cf264

SHA256
058c62d9ae3b6ddd810040835d40c547da68313f0f0be40fdc815189dc962eb0

SHA512
741f0047134bc6ace78bcbfb794264769e01319857254a52e8515da425837ae3ebd978a1c2dbe5f12ab7d79b30b6b11b6fdbc34aa6b7421002a46b4a4c706cdd

Download Submit
\??\c:\users\admin\appdata\local\temp\E4J297~1.TMP\jre\bin\java.dll

Filesize
156KB

MD5
fe3df62c6312432ac053a065dd118dfa

SHA1
95f884731639df87fc11196a729cb6280b79b40c

SHA256
024b483edb8cfae9fb9d7d684576f839d96a8934f8a84ea4027c433dadda4d2a

SHA512
2772b9b24c716721663d00c3b9b8c936be892be7f95deac757989484a0c7a5c697cafcf894be20393bca7a249e1eaca5671f2b11dc0dc975824649fcfc241d77

Download Submit
\??\c:\users\admin\appdata\local\temp\E4J297~1.TMP\jre\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\??\c:\users\admin\appdata\local\temp\E4J297~1.TMP\jre\bin\server\jvm.dll

Filesize
8.4MB

MD5
5c771ed459867ee1e138fe435cc0e539

SHA1
3a59061f4e2f02aab916714f095ebe9c087154dc

SHA256
b80fe8748b11c0008012c2c95e72bfd5c54d2dfa44d8429cfc2fef1915afa19c

SHA512
8c08bab51a2bd5cf4628319220febfb9e40c12d2518203444777acb6214e19dd873a977165fbcbb86b31c514f37de9ea8b1b03356e4e1410573048ce56fb3d43

Download Submit
\??\c:\users\admin\appdata\local\temp\E4J297~1.TMP\jre\bin\verify.dll

Filesize
48KB

MD5
ccda3a67896aa70da4dbeca4773366da

SHA1
e44d0e53720bc2ccf9ab1240caa04d739f18001b

SHA256
d4ffaf9faf8569316c7f3907c30ec870cd19d524c64ef05e33d6d60d0e9003c0

SHA512
f0e7712593d8c809caf3988a6034c460af8ac1ce7999477f1b3eeb2a3c22b0c073ebff92037b8154dd9a5d62b1b22f8a66c2beb973aca478e9eb7bbb04ec6d0a

Download Submit
\??\c:\users\admin\appdata\local\temp\E4J297~1.TMP\jre\bin\zip.dll

Filesize
76KB

MD5
5526160520366260b09d632c18279b6b

SHA1
86a2f2c198d65504ff4f1ae8095d3a943653da8f

SHA256
08ab11ee789d0a53a10dc41a4c0480867dbc50223336c95ae1915fd503f25ce2

SHA512
45fd0242996f468003e7d1c523991c9507eacbe3f1d617778ab715a0bb96ff64a5b2a447f2a81aacd4ab979c10c2decda9738b8930f9a244cdfd183313d5c065

Download Submit
\??\c:\users\admin\appdata\local\temp\E4J297~1.TMP\jre\lib\amd64\jvm.cfg

Filesize
634B

MD5
499f2a4e0a25a41c1ff80df2d073e4fd

SHA1
e2469cbe07e92d817637be4e889ebb74c3c46253

SHA256
80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb

SHA512
7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

Download Submit
\??\c:\users\admin\appdata\local\temp\E4J297~1.TMP\jre\lib\ext\meta-index

Filesize
1KB

MD5
005faac2118450bfcd46ae414da5f0e5

SHA1
9f5c887e0505e1bb06bd1fc7975a3219709d061d

SHA256
f0bce718f8d2b38247ce0ac814a1470c826602f4251d86369c2359ff60676bd8

SHA512
8b618c74b359ab3c9d3c8a4864f8e48fe4054514a396352a829a84c9b843a2028c6c31eb53e857e03c803294e05f69c5bf586e261312264e7607b2efd14f78a9

Download Submit
\??\c:\users\admin\appdata\local\temp\E4J297~1.TMP\jre\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\java.dll

Filesize
156KB

MD5
fe3df62c6312432ac053a065dd118dfa

SHA1
95f884731639df87fc11196a729cb6280b79b40c

SHA256
024b483edb8cfae9fb9d7d684576f839d96a8934f8a84ea4027c433dadda4d2a

SHA512
2772b9b24c716721663d00c3b9b8c936be892be7f95deac757989484a0c7a5c697cafcf894be20393bca7a249e1eaca5671f2b11dc0dc975824649fcfc241d77

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\java.dll

Filesize
156KB

MD5
fe3df62c6312432ac053a065dd118dfa

SHA1
95f884731639df87fc11196a729cb6280b79b40c

SHA256
024b483edb8cfae9fb9d7d684576f839d96a8934f8a84ea4027c433dadda4d2a

SHA512
2772b9b24c716721663d00c3b9b8c936be892be7f95deac757989484a0c7a5c697cafcf894be20393bca7a249e1eaca5671f2b11dc0dc975824649fcfc241d77

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\java.dll

Filesize
156KB

MD5
fe3df62c6312432ac053a065dd118dfa

SHA1
95f884731639df87fc11196a729cb6280b79b40c

SHA256
024b483edb8cfae9fb9d7d684576f839d96a8934f8a84ea4027c433dadda4d2a

SHA512
2772b9b24c716721663d00c3b9b8c936be892be7f95deac757989484a0c7a5c697cafcf894be20393bca7a249e1eaca5671f2b11dc0dc975824649fcfc241d77

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\java.dll

Filesize
156KB

MD5
fe3df62c6312432ac053a065dd118dfa

SHA1
95f884731639df87fc11196a729cb6280b79b40c

SHA256
024b483edb8cfae9fb9d7d684576f839d96a8934f8a84ea4027c433dadda4d2a

SHA512
2772b9b24c716721663d00c3b9b8c936be892be7f95deac757989484a0c7a5c697cafcf894be20393bca7a249e1eaca5671f2b11dc0dc975824649fcfc241d77

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\java.exe

Filesize
202KB

MD5
e790ddf15d5f5880742e43e44b9725bb

SHA1
07cbce9fd809c024876a96a1ac03119036c2b810

SHA256
fffaf2ddf236b0a7c1ec8e94a26dd91dc0380e584a0ae98c94c3933eacd188cb

SHA512
fbfe5957b4aa4a1c34fbe3b9d64fe97df26502b08378a2b87622f3b293493b640a84a1c332f9fcdb83123bfdcae73d2893cedb04c1de0f581a740b838182ddea

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\server\jvm.dll

Filesize
8.4MB

MD5
5c771ed459867ee1e138fe435cc0e539

SHA1
3a59061f4e2f02aab916714f095ebe9c087154dc

SHA256
b80fe8748b11c0008012c2c95e72bfd5c54d2dfa44d8429cfc2fef1915afa19c

SHA512
8c08bab51a2bd5cf4628319220febfb9e40c12d2518203444777acb6214e19dd873a977165fbcbb86b31c514f37de9ea8b1b03356e4e1410573048ce56fb3d43

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\server\jvm.dll

Filesize
8.4MB

MD5
5c771ed459867ee1e138fe435cc0e539

SHA1
3a59061f4e2f02aab916714f095ebe9c087154dc

SHA256
b80fe8748b11c0008012c2c95e72bfd5c54d2dfa44d8429cfc2fef1915afa19c

SHA512
8c08bab51a2bd5cf4628319220febfb9e40c12d2518203444777acb6214e19dd873a977165fbcbb86b31c514f37de9ea8b1b03356e4e1410573048ce56fb3d43

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\verify.dll

Filesize
48KB

MD5
ccda3a67896aa70da4dbeca4773366da

SHA1
e44d0e53720bc2ccf9ab1240caa04d739f18001b

SHA256
d4ffaf9faf8569316c7f3907c30ec870cd19d524c64ef05e33d6d60d0e9003c0

SHA512
f0e7712593d8c809caf3988a6034c460af8ac1ce7999477f1b3eeb2a3c22b0c073ebff92037b8154dd9a5d62b1b22f8a66c2beb973aca478e9eb7bbb04ec6d0a

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\verify.dll

Filesize
48KB

MD5
ccda3a67896aa70da4dbeca4773366da

SHA1
e44d0e53720bc2ccf9ab1240caa04d739f18001b

SHA256
d4ffaf9faf8569316c7f3907c30ec870cd19d524c64ef05e33d6d60d0e9003c0

SHA512
f0e7712593d8c809caf3988a6034c460af8ac1ce7999477f1b3eeb2a3c22b0c073ebff92037b8154dd9a5d62b1b22f8a66c2beb973aca478e9eb7bbb04ec6d0a

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\zip.dll

Filesize
76KB

MD5
5526160520366260b09d632c18279b6b

SHA1
86a2f2c198d65504ff4f1ae8095d3a943653da8f

SHA256
08ab11ee789d0a53a10dc41a4c0480867dbc50223336c95ae1915fd503f25ce2

SHA512
45fd0242996f468003e7d1c523991c9507eacbe3f1d617778ab715a0bb96ff64a5b2a447f2a81aacd4ab979c10c2decda9738b8930f9a244cdfd183313d5c065

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\zip.dll

Filesize
76KB

MD5
5526160520366260b09d632c18279b6b

SHA1
86a2f2c198d65504ff4f1ae8095d3a943653da8f

SHA256
08ab11ee789d0a53a10dc41a4c0480867dbc50223336c95ae1915fd503f25ce2

SHA512
45fd0242996f468003e7d1c523991c9507eacbe3f1d617778ab715a0bb96ff64a5b2a447f2a81aacd4ab979c10c2decda9738b8930f9a244cdfd183313d5c065

Download Submit
\Users\Admin\AppData\Local\Temp\E4J297~1.TMP\jre\bin\zip.dll

Filesize
76KB

MD5
5526160520366260b09d632c18279b6b

SHA1
86a2f2c198d65504ff4f1ae8095d3a943653da8f

SHA256
08ab11ee789d0a53a10dc41a4c0480867dbc50223336c95ae1915fd503f25ce2

SHA512
45fd0242996f468003e7d1c523991c9507eacbe3f1d617778ab715a0bb96ff64a5b2a447f2a81aacd4ab979c10c2decda9738b8930f9a244cdfd183313d5c065

Download Submit
\Users\Admin\AppData\Local\Temp\e4j2972.tmp_dir1672125440\jre\bin\awt.dll

Filesize
1.4MB

MD5
eff33f8a61c21a00f1ccda7cc9faec37

SHA1
268497378468e79d47208ea3862d55b9e272aefa

SHA256
1b6b2e5e7d9d7f4cf531c81ff7032cf20783e8af547fbc960f16dbceae7642b1

SHA512
4290f1e505ee0058ec26dff70e3888ddb55ec080e0743f27f7a8052a31a18ed7997bf3f2e67127c607baee90157d83bd9e6fa462fafcf5ef3c3aea4da443d8a1

Download Submit
\Users\Admin\AppData\Local\Temp\e4j2972.tmp_dir1672125440\jre\bin\management.dll

Filesize
36KB

MD5
3a471802315d62c8703c1a3fe030031f

SHA1
3fb09df4a420fb4f9ccad10b080fd13e1bcae368

SHA256
4c0f7f04838e08e78837fc1fc68676c925761d506f9c1c797fa33fef62173738

SHA512
9f1e2b91620fa3d76da3aacbf50b2723973c1913c45db5f9e6eaba2956bae1d76436ffd217a3633e9903de305711f38fff36edb3cc9bbec68e290177609111ae

Download Submit
memory/972-80-0x0000000002520000-0x0000000003520000-memory.dmp

Filesize
16.0MB

Download
memory/2008-101-0x0000000003200000-0x0000000004200000-memory.dmp

Filesize
16.0MB

Download
memory/2008-54-0x000007FEFBBA1000-0x000007FEFBBA3000-memory.dmp

Filesize
8KB

Download
memory/2008-107-0x0000000003200000-0x0000000004200000-memory.dmp

Filesize
16.0MB

Download