Analysis
- max time kernel: 139s
- max time network: 161s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-03-2024 14:42
Static task
- static1

Behavioral tasks (task: sample, resource)
- behavioral1: ProjectMainGitHub.zip, win7-20240221-en
- behavioral2: ProjectMainGitHub.zip, win10v2004-20240226-en
- behavioral3: ProjectGitHubMain/Engine.js, win7-20231129-en
- behavioral4: ProjectGitHubMain/Engine.js, win10v2004-20240226-en
- behavioral5: ProjectGitHubMain/Loader.exe, win7-20240221-en
- behavioral6: ProjectGitHubMain/Loader.exe, win10v2004-20240226-en
- behavioral7: ProjectGitHubMain/Newtonsoft.Json.dll, win7-20240221-en
- behavioral8: ProjectGitHubMain/Newtonsoft.Json.dll, win10v2004-20240226-en
- behavioral9: ProjectGitHubMain/bin/UbuilderB.exe, win7-20240215-en
- behavioral10: ProjectGitHubMain/bin/UbuilderB.exe, win10v2004-20240226-en
- behavioral11: ProjectGitHubMain/bin/UbuilderS.exe, win7-20240221-en
- behavioral12: ProjectGitHubMain/bin/UbuilderS.exe, win10v2004-20240226-en
- behavioral13: ProjectGitHubMain/bin/scv.jar, win7-20240220-en
- behavioral14: ProjectGitHubMain/bin/scv.jar, win10v2004-20231215-en
- behavioral15: ProjectGitHubMain/opengl32.dll, win10v2004-20240226-en
- behavioral16: ProjectGitHubMain/packages/key_datas, win7-20240221-en
- behavioral17: ProjectGitHubMain/packages/key_datas, win10v2004-20240226-en
- behavioral18: ProjectGitHubMain/packages/prefix, win7-20240221-en
- behavioral19: ProjectGitHubMain/packages/prefix, win10v2004-20240226-en
- behavioral20: ProjectGitHubMain/packages/settingss, win7-20240215-en
- behavioral21: ProjectGitHubMain/packages/settingss, win10v2004-20240226-en
- behavioral22: ProjectGitHubMain/user_data/cache/version, win7-20240220-en
- behavioral23: ProjectGitHubMain/user_data/cache/version, win10v2004-20240226-en
- behavioral24: ProjectGitHubMain/user_data/media_cache/version, win7-20231129-en
- behavioral25: ProjectGitHubMain/user_data/media_cache/version, win10v2004-20240319-en
- behavioral26: ProjectGitHubMain/xNet.dll, win7-20240221-en
- behavioral27: ProjectGitHubMain/xNet.dll, win10v2004-20240226-en
General
- Target: ProjectGitHubMain/bin/UbuilderS.exe
- Size: 3.6MB
- MD5: 8627fd537e892afae534c5e07f50b2c3
- SHA1: 8b90cc232744e7f0a1d27f5b4ec4f6d0d966ed9a
- SHA256: 09f156b3d7d51dad5a9ddd04f9685882a2d479e56deda6eaa0e58ecb19c19228
- SHA512: 1af58aeda603230a0091c5d871ac88773f2b57a835c42c36ebb79e2cc39c7c0edf795bf039bb0eface4303b2b9fb5c3878d8a5364e7d3b73daa26fc392c1da70
- SSDEEP: 49152:LC/+vwyHnNfERTPokBMyHJWGs8FaRMqu3XCqRq8stcpVk4JobxJ17IxRYbwPmmkO:szyHnN+TBrHJWGs2NyqeoNE/7SRYYCO
Malware Config
Signatures
- Modifies file permissions (1 TTPs, 1 IoCs)
- Drops file in Program Files directory (12 IoCs)
  Process: javaw.exe
  Files opened for modification:
  - C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb
  - C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb
  - C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb
  - C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb
  - C:\Program Files\Java\jre-1.8\bin\jvm.pdb
  - C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb
  - C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb
  - C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb
  - C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb
  - C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb
  - C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb
  - C:\Program Files\Java\jre-1.8\bin\ntdll.pdb
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: UbuilderS.exe, javaw.exe
  Events (description, pid, process, procid_target):
  - PID 4192 wrote to memory of 60, 4192, UbuilderS.exe, 87
  - PID 4192 wrote to memory of 60, 4192, UbuilderS.exe, 87
  - PID 60 wrote to memory of 3652, 60, javaw.exe, 88
  - PID 60 wrote to memory of 3652, 60, javaw.exe, 88
Processes
- C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderS.exe (PID 4192)
  Command line: "C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderS.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Program Files\Java\jre-1.8\bin\javaw.exe (PID 60)
    Command line: "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\AppData\Local\Temp\ProjectGitHubMain\bin\UbuilderS.exe" org.develnext.jphp.ext.javafx.FXLauncher
    Signatures: Drops file in Program Files directory; Suspicious use of WriteProcessMemory
    - C:\Windows\system32\icacls.exe (PID 3652)
      Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      Signatures: Modifies file permissions
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
  MD5: a1079a6237062df888cabf07d7af7279
  SHA1: 3a1253c6b952169b9da76442599531b1f82a85a2
  SHA256: 694e9af625ef58d5b99f09038d72772c13bce78f1e25419a63f552922351b20a
  SHA512: 731c5d67017bd326949649814e91c8f7786cf9b4ed0b6304fb103e512fac5a496fcbe438a90a6a585c9c27fc082c80c01ee7853e45952c90254ed2467ba5cdbd