Analysis

  • max time kernel
    46s
  • max time network
    42s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-03-2024 14:42

General

  • Target

    ProjectGitHubMain/bin/UbuilderB.exe

  • Size

    3.6MB

  • MD5

    f474baf2f922f8485752170cc261a72b

  • SHA1

    7e447654e04a91a578a22da5f95d0827e543740e

  • SHA256

    2f9a39635d6a379577b073945477609c3ab3656c4adc54a0d7cce23c4432c04f

  • SHA512

    5bf9f3ddf527ebe14c610be6e6d525917f8fd7cbc697d1d308044a06ee7587977737c88d8ffc83508d1e8714efb761c05d38ef16037bd63862c419174c3cdd33

  • SSDEEP

    98304:D3yMS4vp4iKTBrHJWGs2NyqeoNE/7SRYY6:Dp4iKTVHJack+s

Score
7/10

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
  • Drops file in Program Files directory 12 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderB.exe
    "C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderB.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1604
    • C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderB.exe" org.develnext.jphp.ext.javafx.FXLauncher
      2⤵
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:4524
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:4984

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

    Filesize

    46B

    MD5

    88cdbfcafeba0abd334f9fc7c2bd76ca

    SHA1

    2563bd31fdbd97113261a650c5a58d59365d880b

    SHA256

    380d739ae16661bfb27cc23b500150c7360bbbef7de1014589cbb2061c237882

    SHA512

    7106bbf2894af4e9e2a1ff273d08b7c4d24b874a42ba0bb163b299214b19d0cf0eb300900e4e6566f09ae931d419dccc805166fe35dee05e1c4fa7b2e507dda2

  • memory/1604-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/4524-9-0x0000016837030000-0x0000016838030000-memory.dmp

    Filesize

    16.0MB

  • memory/4524-13-0x00000168357D0000-0x00000168357D1000-memory.dmp

    Filesize

    4KB

  • memory/4524-18-0x0000016837030000-0x0000016838030000-memory.dmp

    Filesize

    16.0MB

  • memory/4524-26-0x0000016837030000-0x0000016838030000-memory.dmp

    Filesize

    16.0MB

  • memory/4524-30-0x00000168372B0000-0x00000168372C0000-memory.dmp

    Filesize

    64KB

  • memory/4524-31-0x00000168372E0000-0x00000168372F0000-memory.dmp

    Filesize

    64KB

  • memory/4524-32-0x00000168372D0000-0x00000168372E0000-memory.dmp

    Filesize

    64KB

  • memory/4524-33-0x0000016837300000-0x0000016837310000-memory.dmp

    Filesize

    64KB

  • memory/4524-34-0x0000016837310000-0x0000016837320000-memory.dmp

    Filesize

    64KB

  • memory/4524-35-0x0000016837030000-0x0000016838030000-memory.dmp

    Filesize

    16.0MB