Analysis

  • max time kernel
    43s
  • max time network
    40s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-03-2024 14:42

General

  • Target

    ProjectGitHubMain/bin/UbuilderS.exe

  • Size

    3.6MB

  • MD5

    8627fd537e892afae534c5e07f50b2c3

  • SHA1

    8b90cc232744e7f0a1d27f5b4ec4f6d0d966ed9a

  • SHA256

    09f156b3d7d51dad5a9ddd04f9685882a2d479e56deda6eaa0e58ecb19c19228

  • SHA512

    1af58aeda603230a0091c5d871ac88773f2b57a835c42c36ebb79e2cc39c7c0edf795bf039bb0eface4303b2b9fb5c3878d8a5364e7d3b73daa26fc392c1da70

  • SSDEEP

    49152:LC/+vwyHnNfERTPokBMyHJWGs8FaRMqu3XCqRq8stcpVk4JobxJ17IxRYbwPmmkO:szyHnN+TBrHJWGs2NyqeoNE/7SRYYCO

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 64 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderS.exe
    "C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderS.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3032
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2996
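
The tree above is the whole story of this run: UbuilderS.exe (PID 2956) starts the IE frame process (PID 3032) with http://java.com/download on its command line, and the frame starts one content process (PID 2996) carrying SCODEF:3032, which under IE's loosely-coupled-IE convention is the frame's PID. Two checks fall out of that: a browser launched by something that is not a browser or the shell, and a content process whose SCODEF does not name its real parent. The following is an added triage example, not code from the sandbox or from the project that produced UbuilderS.exe; the Proc record, the BROWSERS and BENIGN_LAUNCHERS sets and the finding identifiers are assumptions, and the sample tree is constructed from the PIDs and command lines printed in this report.

```python
"""Triage a sandbox/Sysmon-style process tree for Internet Explorer launches.

Flags (1) iexplore.exe frame processes started by a non-browser, non-shell parent,
(2) plaintext http:// URLs handed to the browser, and (3) IE content (tab)
processes whose SCODEF:<pid> does not match the parent that actually spawned them.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Proc:
    """One process-creation record (fields any Sysmon EID 1 or sandbox tree provides)."""
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed from the process tree in this report; not a log the sandbox emitted
# verbatim. PIDs, image paths and command lines are the report's own values.
SAMPLE_TREE: List[Proc] = [
    Proc(2956, None,
         r"C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderS.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderS.exe"'),
    Proc(3032, 2956,
         r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download'),
    Proc(2996, 3032,
         r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2'),
]

# Assumed lists: extend to whatever browsers are in your estate.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
# A user clicking a link from the shell is the benign baseline for a browser launch.
BENIGN_LAUNCHERS = BROWSERS | {"explorer.exe"}

URL_RE = re.compile(r"(?i)\bhttps?://[^\s\"']+")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")

Finding = Tuple[int, str, str]  # (pid, finding id, detail)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(tree: List[Proc]) -> List[Finding]:
    by_pid = {p.pid: p for p in tree}
    findings: List[Finding] = []
    for p in tree:
        if basename(p.image) != "iexplore.exe":
            continue
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        scodef = SCODEF_RE.search(p.cmdline)
        if scodef:
            # Content (tab) process: the IE frame passes its own PID as SCODEF, so the
            # claimed frame and the actual parent must agree.
            claimed = int(scodef.group(1))
            if parent is None or claimed != parent.pid:
                findings.append((p.pid, "ie_tab_scodef_mismatch",
                                 f"claims frame {claimed}, actual parent {p.ppid}"))
            else:
                findings.append((p.pid, "ie_tab_ok", f"frame {claimed}"))
            continue
        # Frame process: who launched it, and with which URL?
        urls = URL_RE.findall(p.cmdline)
        launcher = basename(parent.image) if parent else "<unknown>"
        if launcher not in BENIGN_LAUNCHERS:
            findings.append((p.pid, "browser_launched_by_non_browser",
                             f"{launcher} -> {', '.join(urls) or '<no url>'}"))
        for url in urls:
            if url.lower().startswith("http://"):
                findings.append((p.pid, "plaintext_http_url", url))
    return findings


if __name__ == "__main__":
    for pid, fid, detail in triage(SAMPLE_TREE):
        print(f"PID {pid}: {fid} ({detail})")
```

On this report the function reports PID 3032 as a browser started by ubuilders.exe with a plaintext URL and PID 2996 as a correctly parented tab. That matches the 1/10 score: a launcher opening the Java download page is unusual enough to note, but nothing here indicates injection or a faked IE process chain.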

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f302b018843ab7556fae18a3c21b6bac

    SHA1

    959bb987be60e77a0135649375f57aec8817ae24

    SHA256

    64f1ee64119be7045d117644838b44735a4cc5926e143445d56c5b9702d5852a

    SHA512

    fe14f2673f2c48841a2b1792922e08fc3b8ea63f4ff827a976b8705f20ff9b42a90e340fcda178b92c6bead9216b4dfb9b23db47ed898efe6d1040bf3328d950

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b81b3de06edd59fc31933a1004427d40

    SHA1

    aa6c8c0ddadb0cfe04930862506efbaf349491bf

    SHA256

    7c752af278af211fa8a60524e91f04ca0b34a9bd5b2900d614a429afcf362498

    SHA512

    78fd4ee94f5d78cc0c36aac47c96e5c879bbfd23df7f948ad6c7d8dbf867574c69a2e2faac3da9b016677bbd3e7278d79bbf467f38f1dbe1b36ba13f083c682a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e3a23e2e50581f6f5fb9ca972157cb6a

    SHA1

    1d036228ae31731b897edb4e136b0b97d3cfbf17

    SHA256

    e6e5f773669391735d1d016439c14465bc49b7f2228e2a6b894010d26e64f816

    SHA512

    5f24c1a4465ba3fcc811e91832749dc83625607c6722d938bf6a7f65fe123cc1a48bf566190e1ee5cf3d4c0076e88b4fd8d1a65cf2b85371ced3085ac7fe17a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bfc06e4ea9bfc2fb0b6d52c9d6899f48

    SHA1

    d8c88af3dff46c64c99273b0ae441f98c6a7bee3

    SHA256

    1fd51f79cd0efc304a1bb142cf2c5510c73eb5be9589c36321bf246ba710cd11

    SHA512

    2cdfc1c159c8d231de5fc2d83999969fc7fa756a04036b60bf5365cdeab7d6ea4e9b66eb63b25b29e9f98d57dfa0d1b324a08622a9a7ca096b8379c71822b294

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b6114aea022622bc1e933cc883c3f624

    SHA1

    1be2c22566622a1a4fd8be9f0dbff613cfc292e4

    SHA256

    876e306769e6bac43318cb1f5773c2a5af1a0d1c1625c97a6e19fe470964f8eb

    SHA512

    7b0a4f47c43df1842195bd1c17e77e1f2c23c43e6e4852f2194f9ece0bc75a13cad5dbdaf121477f7545d52e2f0e42995364cdc646ae9610d39c3aa4f1ef0a7c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    14dffc7a21cd0d25bb8670b4e433da99

    SHA1

    1a775e29c6d36adf3747eebe9cd9e9b86477c47d

    SHA256

    dc8e312834b2f681bc01a91cd107d7edd11e3ccd6df0afd01ac9ec663bd45f07

    SHA512

    90a39fe2f3eeeed1868031c6c05a29021056df7ec794cc9b0fe48d222e68b49425d0b3f46c0f34aa3da0c172a6fb418c785ec941b38e64e172c8c16d0f9121a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d7b0c42fcf1b9d85a22d403996da5b8d

    SHA1

    5547cbb286e5562d4faa1163ef27964dae1ee1ec

    SHA256

    a1a867a2a2104500afbffe226c4296d493d62c98fc689626a3f19e8f5efe552a

    SHA512

    083c35e69368748d1443937d1346fc320910dd756c3a42ecc9d4bf5096f6418472f45e871e43ff18869c5538e32fae3863ba0c0ff40f196302dafcd3df9bd494

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    584c8a4c4f351de88cdd8b438662bd15

    SHA1

    6aebe1518f461788601dc97c8c04f698723d83b2

    SHA256

    472afebba51ecdb23af6cf3e2593161a5007511a792f124a14dd3d622eed1b3a

    SHA512

    1260acaf171010917e21cc2a54f6d427ce5a230a824db37fc1293151de5e88bd0ae7d344c9f3f8092ac8fee2e866e8976cb47b9fd9a38fce8de828623a13a84e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    562023270052d12b8eaf2027b9f694d6

    SHA1

    b678035d0a699c47618b0795caf8b3d6ccaec9dc

    SHA256

    37f2ef5c23fa920732625ff715dd820f1d1977abc2b8ca610078f9190179fe18

    SHA512

    b8bf28b13b4361d00d612d1c23bbbfa2c108919bf16a1c21750f0956aca7c21f9a0da64abae20858b70b44246534ffa9fb9af9bfca9363f9981455f355a910d8

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BUBP79MG\www.java[1].xml

    Filesize

    398B

    MD5

    12328666f2760f9556ad83e23d9c8980

    SHA1

    72bea694bdba2be4848105503fd601425b3d14bd

    SHA256

    6332933bedff9519f43ffd1514c47dedafc743be9b5c030ece22dcef2be7492c

    SHA512

    218842e93b5e9f5b60fa5d9edeb6b5d3fede932bce903bae6da40ec7352f8157f5eddc78f2a44fe99fafe88cdb242aa66143ee63b4a012c4940f8290b132e9d9

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BUBP79MG\www.java[1].xml

    Filesize

    398B

    MD5

    e65449addc05adf70fb55aa24a60d63e

    SHA1

    0e0811cb597b4f2dda62534f8940746d5336930c

    SHA256

    94909ad7794d729c6945edbe4f8144511957949dd9028162ac935d5287296eef

    SHA512

    0729cf0717e9f0957278edd098e49ce0dd5ab1c689af724684149e153b94e9c63ab1e50ea0af18a34270e8502c79fb3292dcd51f354959d0916b62252256af4b

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BUBP79MG\www.java[1].xml

    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\re26ad0\imagestore.dat

    Filesize

    1KB

    MD5

    30773147af44447e7fd48e2d2ce7d0de

    SHA1

    6ea117d2875bb308d9094427f04ce77dfcfb3a4c

    SHA256

    ec835046ca85a071f26928823f5a6c8c8de6097d583138f19703e899a29313c2

    SHA512

    581f0e7c55158b00d588c25a496197f3e651908788060298917c853907d3b9c41362f42148da65ccabcb6020bb710ce59e8ea315c877c1eb46d0c53ad6c8e41e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\favicon[1].ico

    Filesize

    1KB

    MD5

    8e39f067cc4f41898ef342843171d58a

    SHA1

    ab19e81ce8ccb35b81bf2600d85c659e78e5c880

    SHA256

    872bad18b566b0833d6b496477daab46763cf8bdec342d34ac310c3ac045cefd

    SHA512

    47cd7f4ce8fcf0fc56b6ffe50450c8c5f71e3c379ecfcfd488d904d85ed90b4a8dafa335d0e9ca92e85b02b7111c9d75205d12073253eed681868e2a46c64890

  • C:\Users\Admin\AppData\Local\Temp\Cab5B6A.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar5B7C.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • C:\Users\Admin\AppData\Local\Temp\Tar5C5D.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • C:\Users\Admin\AppData\Local\Temp\~DF2467006C14EA6396.TMP

    Filesize

    16KB

    MD5

    9ebee76392cc6885a6c6397ccc4a9675

    SHA1

    100bf5b7e0a4c9a5115028dfd4095908ecf85605

    SHA256

    e98d2ef1c44e14aeeee91a244ef54a0882853b335bd987d897d019255def6ca3

    SHA512

    91c7404dc76bc90d29fda970c6196250aa7dc674ef7c989e20d12bdcf0e15afed7dc56d9538a53c1f44987e120018439f0c4bcb5302b4a0db1a031946f9d8c51

  • memory/2956-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB