e9ae335cdbcd6abea623cb69833c098a66c34f5c9eb98ff7f470c11aee099c32

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2023, 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Loader/bin/UbuilderS.exe
Size

3.6MB
MD5

8627fd537e892afae534c5e07f50b2c3
SHA1

8b90cc232744e7f0a1d27f5b4ec4f6d0d966ed9a
SHA256

09f156b3d7d51dad5a9ddd04f9685882a2d479e56deda6eaa0e58ecb19c19228
SHA512

1af58aeda603230a0091c5d871ac88773f2b57a835c42c36ebb79e2cc39c7c0edf795bf039bb0eface4303b2b9fb5c3878d8a5364e7d3b73daa26fc392c1da70
SSDEEP

49152:LC/+vwyHnNfERTPokBMyHJWGs8FaRMqu3XCqRq8stcpVk4JobxJ17IxRYbwPmmkO:szyHnN+TBrHJWGs2NyqeoNE/7SRYYCO

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 4676	2044	UbuilderS.exe	86
PID 2044 wrote to memory of 4676	2044	UbuilderS.exe	86

C:\Users\Admin\AppData\Local\Temp\Loader\bin\UbuilderS.exe
"C:\Users\Admin\AppData\Local\Temp\Loader\bin\UbuilderS.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\AppData\Local\Temp\Loader\bin\UbuilderS.exe" org.develnext.jphp.ext.javafx.FXLauncher
  2⤵
  - Drops file in Program Files directory
  PID:4676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4676-5-0x0000000002DE0000-0x0000000003DE0000-memory.dmp

Filesize
16.0MB

Download
memory/4676-12-0x0000000001280000-0x0000000001281000-memory.dmp

Filesize
4KB

Download
memory/4676-19-0x0000000002DE0000-0x0000000003DE0000-memory.dmp

Filesize
16.0MB

Download
memory/4676-23-0x0000000002DE0000-0x0000000003DE0000-memory.dmp

Filesize
16.0MB

Download
memory/4676-30-0x0000000001280000-0x0000000001281000-memory.dmp

Filesize
4KB

Download
memory/4676-36-0x0000000001280000-0x0000000001281000-memory.dmp

Filesize
4KB

Download
memory/4676-37-0x0000000002DE0000-0x0000000003DE0000-memory.dmp

Filesize
16.0MB

Download
memory/4676-42-0x0000000001280000-0x0000000001281000-memory.dmp

Filesize
4KB

Download
memory/4676-43-0x0000000002DE0000-0x0000000003DE0000-memory.dmp

Filesize
16.0MB

Download
memory/4676-48-0x0000000003060000-0x0000000003070000-memory.dmp

Filesize
64KB

Download
memory/4676-49-0x0000000003080000-0x0000000003090000-memory.dmp

Filesize
64KB

Download
memory/4676-50-0x0000000003100000-0x0000000003110000-memory.dmp

Filesize
64KB

Download
memory/4676-51-0x0000000002DE0000-0x0000000003DE0000-memory.dmp

Filesize
16.0MB

Download
memory/4676-52-0x00000000030C0000-0x00000000030D0000-memory.dmp

Filesize
64KB

Download
memory/4676-53-0x00000000030D0000-0x00000000030E0000-memory.dmp

Filesize
64KB

Download
memory/4676-54-0x00000000030E0000-0x00000000030F0000-memory.dmp

Filesize
64KB

Download
memory/4676-55-0x00000000030F0000-0x0000000003100000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads