Overview

overview

7

Static

static

3

MaltegoSet....0.exe

windows7-x64

4

MaltegoSet....0.exe

windows10-2004-x64

4

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

v4.6.0/bin/maltego

ubuntu-18.04-amd64

3

v4.6.0/bin/maltego

debian-9-armhf

1

v4.6.0/bin/maltego

debian-9-mips

1

v4.6.0/bin/maltego

debian-9-mipsel

1

v4.6.0/bin...go.exe

windows7-x64

1

v4.6.0/bin...go.exe

windows10-2004-x64

7

v4.6.0/gro....8.jar

windows7-x64

1

v4.6.0/gro....8.jar

windows10-2004-x64

7

v4.6.0/gro....8.jar

windows7-x64

1

v4.6.0/gro....8.jar

windows10-2004-x64

7

v4.6.0/gro...or.jar

windows7-x64

1

v4.6.0/gro...or.jar

windows10-2004-x64

7

v4.6.0/gro...vy.jar

windows7-x64

1

v4.6.0/gro...vy.jar

windows10-2004-x64

7

v4.6.0/ide...pg.jar

windows7-x64

1

v4.6.0/ide...pg.jar

windows10-2004-x64

7

v4.6.0/ide...ov.jar

windows7-x64

1

v4.6.0/ide...ov.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    431s
  • max time network
    1168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-03-2024 03:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    v4.6.0/ide/modules/bcpg.jar

  • Size

    321KB

  • MD5

    498ac36829826fe4b0d12af9550b5b0c

  • SHA1

    56956a8c63ccadf62e7c678571cf86f30bd84441

  • SHA256

    10acaf221fc4e49d4a4067b02316271698e8742ef4b23cb5f2434a0e3502b7b4

  • SHA512

    c20a213896f87f3fcafeddd93c4a0dab3d98e69323035bcbd48f3203f61e0b610b57ca08eb882c1bcdeab6c820cfde0f40a7b6bf6b6c0bbcdcc8f90f6f527ca8

  • SSDEEP

    6144:G7aChJ0Neahsu9LfUAEY9Uq9NR7KmFZetLoiVAZj774Pv++ih1zw:gaCTuh94pGUqvdjn+LoYAZj77qv+++1k

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\v4.6.0\ide\modules\bcpg.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1296
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    e403ce9e6b56f925208301f8ee318389

    SHA1

    e2143f93373e91514d44d459784c25d0efd7e489

    SHA256

    e4abe28cdad3e5f6b95aee62e4d099fea1ecf2c3c73d8b294b593be4452e7c57

    SHA512

    7b0d1f2051de94da157a632899331c17096879586a53381392c0aa89fba58c3fec10fcb9f7a4736478f16a56841c1589f11a2171a6a8a86a148e521cda357e9a

    Download Submit

  • memory/1296-4-0x000001C59CDA0000-0x000001C59DDA0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1296-12-0x000001C59B560000-0x000001C59B561000-memory.dmp

    Filesize

    4KB

    Download