Overview

Task scores (sidebar; sample names are truncated as shown on the page)

  Score  Task / sample            Platform
  10     Static                   -
  3      ProjectMainGitHub.zip    windows7-x64
  1      ProjectMainGitHub.zip    windows10-2004-x64
  1      ProjectGit...ine.js      windows7-x64
  1      ProjectGit...ine.js      windows10-2004-x64
  1      ProjectGit...er.exe      windows7-x64
  7      ProjectGit...er.exe      windows10-2004-x64
  10     ProjectGit...on.dll      windows7-x64
  1      ProjectGit...on.dll      windows10-2004-x64
  1      ProjectGit...rB.exe      windows7-x64
  1      ProjectGit...rB.exe      windows10-2004-x64
  7      ProjectGit...rS.exe      windows7-x64
  1      ProjectGit...rS.exe      windows10-2004-x64
  7      ProjectGit...cv.jar      windows7-x64
  1      ProjectGit...cv.jar      windows10-2004-x64
  1      ProjectGit...32.dll      windows10-2004-x64
  1      ProjectGit..._datas      windows7-x64
  1      ProjectGit..._datas      windows10-2004-x64
  1      ProjectGit...prefix      windows7-x64
  1      ProjectGit...prefix      windows10-2004-x64
  1      ProjectGit...tingss      windows7-x64
  1      ProjectGit...tingss      windows10-2004-x64
  1      ProjectGit...ersion      windows7-x64
  1      ProjectGit...ersion      windows10-2004-x64
  1      ProjectGit...ersion      windows7-x64
  1      ProjectGit...ersion      windows10-2004-x64
  1      ProjectGit...et.dll      windows7-x64
  1      ProjectGit...et.dll      windows10-2004-x64
Analysis (score 1)

  max time kernel    46s
  max time network   42s
  platform           windows10-2004_x64
  resource           win10v2004-20240226-en
  resource tags      arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  submitted          28-03-2024 14:42
Tasks

  Task            Sample                                            Resource
  static1         (static task)                                     -
  behavioral1     ProjectMainGitHub.zip                             win7-20240221-en
  behavioral2     ProjectMainGitHub.zip                             win10v2004-20240226-en
  behavioral3     ProjectGitHubMain/Engine.js                       win7-20231129-en
  behavioral4     ProjectGitHubMain/Engine.js                       win10v2004-20240226-en
  behavioral5     ProjectGitHubMain/Loader.exe                      win7-20240221-en
  behavioral6     ProjectGitHubMain/Loader.exe                      win10v2004-20240226-en
  behavioral7     ProjectGitHubMain/Newtonsoft.Json.dll             win7-20240221-en
  behavioral8     ProjectGitHubMain/Newtonsoft.Json.dll             win10v2004-20240226-en
  behavioral9     ProjectGitHubMain/bin/UbuilderB.exe               win7-20240215-en
  behavioral10    ProjectGitHubMain/bin/UbuilderB.exe               win10v2004-20240226-en
  behavioral11    ProjectGitHubMain/bin/UbuilderS.exe               win7-20240221-en
  behavioral12    ProjectGitHubMain/bin/UbuilderS.exe               win10v2004-20240226-en
  behavioral13    ProjectGitHubMain/bin/scv.jar                     win7-20240220-en
  behavioral14    ProjectGitHubMain/bin/scv.jar                     win10v2004-20231215-en
  behavioral15    ProjectGitHubMain/opengl32.dll                    win10v2004-20240226-en
  behavioral16    ProjectGitHubMain/packages/key_datas              win7-20240221-en
  behavioral17    ProjectGitHubMain/packages/key_datas              win10v2004-20240226-en
  behavioral18    ProjectGitHubMain/packages/prefix                 win7-20240221-en
  behavioral19    ProjectGitHubMain/packages/prefix                 win10v2004-20240226-en
  behavioral20    ProjectGitHubMain/packages/settingss              win7-20240215-en
  behavioral21    ProjectGitHubMain/packages/settingss              win10v2004-20240226-en
  behavioral22    ProjectGitHubMain/user_data/cache/version         win7-20240220-en
  behavioral23    ProjectGitHubMain/user_data/cache/version         win10v2004-20240226-en
  behavioral24    ProjectGitHubMain/user_data/media_cache/version   win7-20231129-en
  behavioral25    ProjectGitHubMain/user_data/media_cache/version   win10v2004-20240319-en
  behavioral26    ProjectGitHubMain/xNet.dll                        win7-20240221-en
  behavioral27    ProjectGitHubMain/xNet.dll                        win10v2004-20240226-en
General

  Target   ProjectGitHubMain/bin/UbuilderB.exe
  Size     3.6MB
  MD5      f474baf2f922f8485752170cc261a72b
  SHA1     7e447654e04a91a578a22da5f95d0827e543740e
  SHA256   2f9a39635d6a379577b073945477609c3ab3656c4adc54a0d7cce23c4432c04f
  SHA512   5bf9f3ddf527ebe14c610be6e6d525917f8fd7cbc697d1d308044a06ee7587977737c88d8ffc83508d1e8714efb761c05d38ef16037bd63862c419174c3cdd33
  SSDEEP   98304:D3yMS4vp4iKTBrHJWGs2NyqeoNE/7SRYY6:Dp4iKTVHJack+s
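The process tree further down shows javaw.exe being handed this 3.6 MB UbuilderB.exe as its -classpath. For that command to start the launcher class, the .exe must also be a valid ZIP/JAR: the JVM locates a classpath archive by the end-of-central-directory record at the tail of the file and does not care what the leading bytes are. The check below is an added example, not code from the sandbox or from the project behind the sample; it builds its own small constructed MZ stub with a JAR appended (a stand-in, not the file whose hashes are listed above) and shows how to confirm that layout and read the manifest's Main-Class on a real sample.

```python
import io
import struct
import zipfile


def build_pe_stub() -> bytes:
    """Constructed 88-byte stand-in for a PE launcher: an MZ header whose
    e_lfanew (offset 0x3C) points at a bare 'PE\\0\\0' signature. It is not
    a loadable executable and is not the report's UbuilderB.exe."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)   # e_lfanew = 64
    return dos + b"PE\x00\x00" + b"\x00" * 20


def build_pe_jar_polyglot() -> bytes:
    """Constructed sample: PE stub with a JAR appended. The JVM finds a
    classpath archive via the ZIP end-of-central-directory record at the
    tail of the file, so leading non-ZIP bytes do not stop it loading."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\n"
                    "Main-Class: org.develnext.jphp.ext.javafx.FXLauncher\r\n")
        # Four magic bytes stand in for a real class file.
        zf.writestr("org/develnext/jphp/ext/javafx/FXLauncher.class",
                    b"\xca\xfe\xba\xbe")
    return build_pe_stub() + buf.getvalue()


def inspect_pe_jar_polyglot(data: bytes) -> dict:
    """Report whether DATA is a PE, whether a ZIP central directory hangs
    off its tail, and what the embedded JAR (if any) would run."""
    info = {"is_pe": False, "zip_entries": [], "class_files": 0,
            "main_class": None, "zip_offset": None}
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        info["is_pe"] = data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            info["zip_entries"] = names
            info["class_files"] = sum(n.endswith(".class") for n in names)
            # zipfile shifts every header offset by the size of the prefix
            # data, so the lowest header offset is where the JAR starts.
            if zf.infolist():
                info["zip_offset"] = min(i.header_offset for i in zf.infolist())
            if "META-INF/MANIFEST.MF" in names:
                manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                for line in manifest.splitlines():
                    if line.startswith("Main-Class:"):
                        info["main_class"] = line.split(":", 1)[1].strip()
    except zipfile.BadZipFile:
        pass  # no EOCD at the tail: an ordinary PE, or not a ZIP at all
    info["is_pe_jar_polyglot"] = info["is_pe"] and bool(info["zip_entries"])
    return info


if __name__ == "__main__":
    for label, blob in (("polyglot", build_pe_jar_polyglot()), ("plain PE", build_pe_stub())):
        print(label, inspect_pe_jar_polyglot(blob))
```

Run it against the real file with `inspect_pe_jar_polyglot(open(path, "rb").read())`; a zip_offset well past the PE's last section and a Main-Class naming the launcher are the two values worth recording in the triage notes, because the JAR, not the PE stub, is where the behaviour lives.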
Malware Config
Signatures

  Modifies file permissions (1 TTPs, 1 IoCs)

  Drops file in Program Files directory (12 IoCs)
    Process: javaw.exe
    File opened for modification   C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb
    File opened for modification   C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb
    File opened for modification   C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb
    File opened for modification   C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb
    File opened for modification   C:\Program Files\Java\jre-1.8\bin\jvm.pdb
    File opened for modification   C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb
    File opened for modification   C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb
    File opened for modification   C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb
    File opened for modification   C:\Program Files\Java\jre-1.8\bin\ntdll.pdb
    File opened for modification   C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb
    File opened for modification   C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb
    File opened for modification   C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb

  Suspicious use of WriteProcessMemory (4 IoCs)
    Processes: UbuilderB.exe, javaw.exe
    description                         pid    Process         procid_target
    PID 1604 wrote to memory of 4524    1604   UbuilderB.exe   86
    PID 1604 wrote to memory of 4524    1604   UbuilderB.exe   86
    PID 4524 wrote to memory of 4984    4524   javaw.exe       87
    PID 4524 wrote to memory of 4984    4524   javaw.exe       87
Processes

  [1] C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderB.exe  (PID 1604)
      "C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderB.exe"
      - Suspicious use of WriteProcessMemory

      [2] C:\Program Files\Java\jre-1.8\bin\javaw.exe  (PID 4524)
          "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderB.exe" org.develnext.jphp.ext.javafx.FXLauncher
          - Drops file in Program Files directory
          - Suspicious use of WriteProcessMemory

          [3] C:\Windows\system32\icacls.exe  (PID 4984)
              C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
              - Modifies file permissions
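Read as a chain rather than as three separate signatures, the tree above says more than the signature counts do: a PE from the user's Temp directory starts the installed JRE with itself as the classpath, and the JVM then runs icacls to grant Everyone Modify on C:\ProgramData\Oracle\Java\.oracle_jre_usage. The icacls step is what the stock Oracle JRE 8 launcher itself does on first run when it creates its usage-tracker directory, and the .pdb probes under jre-1.8\bin are symbol-file lookups, so neither is strong evidence on its own; the anomalous element is a JVM whose classpath is an .exe. The triage below is an added example, not the sandbox's rule set or the project's code: it runs over constructed process-creation events that reproduce the report's PIDs and command lines (the event layout and the root's parent PID are assumptions), rebuilds the ancestry chain, and rates the two behaviours accordingly.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed process-creation events modelled on the report's tree. The
# PIDs and command lines are the ones the report prints; the parent PID of
# the first process (1000) and the event layout are assumptions.
SAMPLE_EVENTS = [
    ProcEvent(1604, 1000,
              r"C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderB.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderB.exe"'),
    ProcEvent(4524, 1604,
              r"C:\Program Files\Java\jre-1.8\bin\javaw.exe",
              r'"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 '
              r'-classpath "C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderB.exe" '
              r'org.develnext.jphp.ext.javafx.FXLauncher'),
    ProcEvent(4984, 4524,
              r"C:\Windows\system32\icacls.exe",
              r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage '
              r'/grant "everyone":(OI)(CI)M'),
]

# -classpath / -cp followed by either a quoted or a bare path list.
CLASSPATH_RE = re.compile(r'-(?:classpath|cp)\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# icacls /grant (or /grant:r) to a principal far broader than the owner.
BROAD_GRANT_RE = re.compile(r'/grant(?::r)?\s+"?(everyone|users|authenticated users)"?:',
                            re.IGNORECASE)
# Directory the Oracle JRE 8 launcher creates and re-ACLs on first run.
JRE_USAGE_DIR = r"\oracle\java\.oracle_jre_usage"


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def ancestry(events, pid):
    """Image names from the root of the recorded tree down to PID."""
    by_pid = {e.pid: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(basename(by_pid[pid].image))
        pid = by_pid[pid].ppid
    return chain[::-1]


def triage(events):
    """Return (severity, rule, chain, detail) tuples for the two behaviours
    the report's tree exhibits: a JVM given a PE as its classpath, and
    icacls handing Modify to a broad principal."""
    findings = []
    for e in events:
        name = basename(e.image).lower()
        chain = " -> ".join(ancestry(events, e.pid))
        if name in ("javaw.exe", "java.exe"):
            m = CLASSPATH_RE.search(e.cmdline)
            if m:
                for entry in (m.group(1) or m.group(2)).split(";"):
                    if entry.lower().endswith((".exe", ".dll")):
                        findings.append(("high", "jvm-classpath-is-pe", chain, entry))
        elif name == "icacls.exe":
            m = BROAD_GRANT_RE.search(e.cmdline)
            if m:
                # The stock JRE grants Everyone:M on its usage-tracker dir,
                # so that exact target is weak evidence by itself.
                sev = "low" if JRE_USAGE_DIR in e.cmdline.lower() else "medium"
                findings.append((sev, "icacls-broad-modify-grant", chain, m.group(1)))
    return findings


if __name__ == "__main__":
    for sev, rule, chain, detail in triage(SAMPLE_EVENTS):
        print(f"{sev:6} {rule:28} {chain}  [{detail}]")
```

Feeding real Sysmon event 1 or EDR process-start records through the same functions only requires mapping their fields onto ProcEvent; the chain string is what makes the javaw finding actionable, since "javaw.exe with a PE classpath" spawned by a Temp-directory parent is a different case from the same command under a developer's IDE.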
Network
MITRE ATT&CK Enterprise v15
Downloads

  Filesize   46B
  MD5        88cdbfcafeba0abd334f9fc7c2bd76ca
  SHA1       2563bd31fdbd97113261a650c5a58d59365d880b
  SHA256     380d739ae16661bfb27cc23b500150c7360bbbef7de1014589cbb2061c237882
  SHA512     7106bbf2894af4e9e2a1ff273d08b7c4d24b874a42ba0bb163b299214b19d0cf0eb300900e4e6566f09ae931d419dccc805166fe35dee05e1c4fa7b2e507dda2