611b014d7e6d599b972852d88e055a1b83d78f94a4eb6ba0901c966b5b6cb40e

Analysis

max time kernel
441s
max time network
1170s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24-03-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

v4.6.0/bin/maltego.exe
Size

232KB
MD5

14a9e1466f2904b9984273da3ef67a67
SHA1

897ead84306fc2ee3f9dc7df731de885b8cefbca
SHA256

89911c2c7ec01388b87cb92dddbe5b6610cb9bb45ff78dd242cd9a1d860456d7
SHA512

56ae856a06dbcdb95afa4309b391ddeb46b0bf19bf435e59f013939d04740ba26faf693f99348ba2e1822d4f07116068d9ed3d581e0cbb6dfa3899dbb2c460b5
SSDEEP

3072:3xBZMzszrxx/ePbBpNFmnL+pSnlgvwn55+OTtUkcETCukgraorADg5:3xrMzszrv29pNFmnX2w9TtUkrqoS

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2424	icacls.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5104	javaw.exe
5104	javaw.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 5104	3052	maltego.exe	94
PID 3052 wrote to memory of 5104	3052	maltego.exe	94
PID 5104 wrote to memory of 2424	5104	javaw.exe	96
PID 5104 wrote to memory of 2424	5104	javaw.exe	96

C:\Users\Admin\AppData\Local\Temp\v4.6.0\bin\maltego.exe
"C:\Users\Admin\AppData\Local\Temp\v4.6.0\bin\maltego.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe
  "C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe" "-Xms24m" "-Xmx800m" "-XX:+UseG1GC" "-Dsun.java2d.xrender=false" "--add-opens=java.base/java.net=ALL-UNNAMED" "--add-opens=java.base/java.lang.ref=ALL-UNNAMED" "--add-opens=java.base/java.lang=ALL-UNNAMED" "--add-opens=java.base/java.security=ALL-UNNAMED" "--add-opens=java.base/java.util=ALL-UNNAMED" "--add-opens=java.desktop/javax.swing.plaf.basic=ALL-UNNAMED" "--add-opens=java.desktop/javax.swing.text=ALL-UNNAMED" "--add-opens=java.desktop/javax.swing=ALL-UNNAMED" "--add-opens=java.desktop/java.awt=ALL-UNNAMED" "--add-opens=java.desktop/java.awt.event=ALL-UNNAMED" "--add-opens=java.prefs/java.util.prefs=ALL-UNNAMED" "--add-exports=java.desktop/sun.awt=ALL-UNNAMED" "--add-exports=java.desktop/java.awt.peer=ALL-UNNAMED" "--add-exports=java.desktop/com.sun.beans.editors=ALL-UNNAMED" "--add-exports=java.desktop/sun.swing=ALL-UNNAMED" "--add-exports=java.desktop/sun.awt.im=ALL-UNNAMED" "--add-exports=java.desktop/com.sun.java.swing.plaf.motif=ALL-UNNAMED" "--add-exports=jdk.internal.jvmstat/sun.jvmstat.monitor=ALL-UNNAMED" "--add-exports=java.management/sun.management=ALL-UNNAMED" "--add-exports=java.base/sun.reflect.annotation=ALL-UNNAMED" "--add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED" "--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED" "--add-exports=jdk.compiler/com.sun.tools.javac.comp=ALL-UNNAMED" "--add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED" "--add-exports=jdk.compiler/com.sun.tools.javac.jvm=ALL-UNNAMED" "--add-exports=jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED" "--add-exports=jdk.compiler/com.sun.tools.javac.model=ALL-UNNAMED" "--add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED" "--add-exports=jdk.compiler/com.sun.tools.javac.processing=ALL-UNNAMED" "--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED" "--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED" "--add-opens=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED" "--add-opens=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED" "--add-opens=jdk.compiler/com.sun.tools.javac.comp=ALL-UNNAMED" "--add-opens=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED" "--add-opens=jdk.compiler/com.sun.tools.javac.jvm=ALL-UNNAMED" "--add-opens=jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED" "--add-opens=jdk.compiler/com.sun.tools.javac.model=ALL-UNNAMED" "--add-opens=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED" "--add-opens=jdk.compiler/com.sun.tools.javac.processing=ALL-UNNAMED" "--add-opens=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED" "--add-opens=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED" "--add-exports=jdk.jdeps/com.sun.tools.classfile=ALL-UNNAMED" "--add-exports=jdk.jdeps/com.sun.tools.javap=ALL-UNNAMED" "--add-opens=java.desktop/sun.awt.X11=ALL-UNNAMED" "--add-opens=java.desktop/javax.swing.plaf.synth=ALL-UNNAMED" "--add-opens=java.desktop/com.sun.java.swing.plaf.gtk=ALL-UNNAMED" "--add-opens=java.desktop/sun.awt.shell=ALL-UNNAMED" "--add-opens=java.desktop/sun.awt.im=ALL-UNNAMED" "--add-opens=java.base/java.nio=ALL-UNNAMED" "-XX:+IgnoreUnrecognizedVMOptions" "--add-opens=java.desktop/javax.swing.text.html=ALL-UNNAMED" "--add-exports=java.base/sun.security.ssl=ALL-UNNAMED" "--add-exports=java.desktop/sun.awt.image=ALL-UNNAMED" "--add-exports=java.desktop/com.apple.eawt=ALL-UNNAMED" "-Dnetbeans.user.dir=C:\Users\Admin\AppData\Local\Temp\v4.6.0\bin" "-Djdk.home=C:\Program Files\Java\jdk-1.8" "-Dnetbeans.home=C:\Users\Admin\AppData\Local\Temp\v4.6.0\platform" "-Dnetbeans.user=C:\Users\Admin\AppData\Roaming\maltego\v4.6.0" "-Dnetbeans.default_userdir_root=C:\Users\Admin\AppData\Roaming\maltego" "-XX:+HeapDumpOnOutOfMemoryError" "-XX:HeapDumpPath=C:\Users\Admin\AppData\Roaming\maltego\v4.6.0\var\log\heapdump.hprof" "-Dsun.awt.keepWorkingSetOnMinimize=true" "-Djava.security.manager=allow" "-Dnetbeans.dirs=C:\Users\Admin\AppData\Local\Temp\v4.6.0\maltego;C:\Users\Admin\AppData\Local\Temp\v4.6.0\groovy;C:\Users\Admin\AppData\Local\Temp\v4.6.0\ide;C:\Users\Admin\AppData\Local\Temp\v4.6.0\java;C:\Users\Admin\AppData\Local\Temp\v4.6.0\maltego-ui;C:\Users\Admin\AppData\Local\Temp\v4.6.0\maltego-core-platform" "-Djava.class.path=C:\Users\Admin\AppData\Local\Temp\v4.6.0\platform\lib\boot.jar;C:\Users\Admin\AppData\Local\Temp\v4.6.0\platform\lib\org-openide-modules.jar;C:\Users\Admin\AppData\Local\Temp\v4.6.0\platform\lib\org-openide-util-lookup.jar;C:\Users\Admin\AppData\Local\Temp\v4.6.0\platform\lib\org-openide-util-ui.jar;C:\Users\Admin\AppData\Local\Temp\v4.6.0\platform\lib\org-openide-util.jar;C:\Program Files\Java\jdk-1.8\lib\dt.jar;C:\Program Files\Java\jdk-1.8\lib\tools.jar" org/netbeans/Main "--branding" "maltego" "--locale" "en:US"
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5104
- - C:\Windows\system32\icacls.exe
    "C:\Windows\system32\icacls.exe" C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "\"everyone\":(OI)(CI)M"
    3⤵
    - Modifies file permissions
    PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3052-40-0x0000000000F20000-0x0000000000F61000-memory.dmp

Filesize
260KB

Download
memory/3052-41-0x000000006C140000-0x000000006C17E000-memory.dmp

Filesize
248KB

Download
memory/5104-66-0x000001DB01610000-0x000001DB02610000-memory.dmp

Filesize
16.0MB

Download
memory/5104-164-0x000001DB01610000-0x000001DB02610000-memory.dmp

Filesize
16.0MB

Download
memory/5104-30-0x000001DB7FDC0000-0x000001DB7FDC1000-memory.dmp

Filesize
4KB

Download
memory/5104-19-0x000001DB7FDC0000-0x000001DB7FDC1000-memory.dmp

Filesize
4KB

Download
memory/5104-16-0x000001DB7FDC0000-0x000001DB7FDC1000-memory.dmp

Filesize
4KB

Download
memory/5104-42-0x000001DB7FDC0000-0x000001DB7FDC1000-memory.dmp

Filesize
4KB

Download
memory/5104-45-0x000001DB01610000-0x000001DB02610000-memory.dmp

Filesize
16.0MB

Download
memory/5104-53-0x000001DB01610000-0x000001DB02610000-memory.dmp

Filesize
16.0MB

Download
memory/5104-58-0x000001DB01610000-0x000001DB02610000-memory.dmp

Filesize
16.0MB

Download
memory/5104-64-0x000001DB7FDC0000-0x000001DB7FDC1000-memory.dmp

Filesize
4KB

Download
memory/5104-171-0x000001DB01610000-0x000001DB02610000-memory.dmp

Filesize
16.0MB

Download
memory/5104-25-0x000001DB7FDC0000-0x000001DB7FDC1000-memory.dmp

Filesize
4KB

Download
memory/5104-88-0x000001DB7FDC0000-0x000001DB7FDC1000-memory.dmp

Filesize
4KB

Download
memory/5104-84-0x000001DB7FDC0000-0x000001DB7FDC1000-memory.dmp

Filesize
4KB

Download
memory/5104-82-0x000001DB01610000-0x000001DB02610000-memory.dmp

Filesize
16.0MB

Download
memory/5104-102-0x000001DB7FDC0000-0x000001DB7FDC1000-memory.dmp

Filesize
4KB

Download
memory/5104-146-0x000001DB01610000-0x000001DB02610000-memory.dmp

Filesize
16.0MB

Download
memory/5104-158-0x000001DB019C0000-0x000001DB019D0000-memory.dmp

Filesize
64KB

Download
memory/5104-159-0x000001DB019E0000-0x000001DB019F0000-memory.dmp

Filesize
64KB

Download
memory/5104-160-0x000001DB019A0000-0x000001DB019B0000-memory.dmp

Filesize
64KB

Download
memory/5104-163-0x000001DB019D0000-0x000001DB019E0000-memory.dmp

Filesize
64KB

Download
memory/5104-78-0x000001DB7FDC0000-0x000001DB7FDC1000-memory.dmp

Filesize
4KB

Download
memory/5104-165-0x000001DB019F0000-0x000001DB01A00000-memory.dmp

Filesize
64KB

Download
memory/5104-4-0x000001DB01610000-0x000001DB02610000-memory.dmp

Filesize
16.0MB

Download