858ff0e6cd73fb2fc697e98f99ad5f9bd4de08a2a66f9a8b96267e169ecfc381

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CSVboard v1.1/CSVboard.exe
Size

71KB
MD5

7e41a080dde71f26ddc6f92f6d1f748c
SHA1

b1048a624aa5806ff65f8b93e3dc9c0af9b5cba4
SHA256

5692c8b706a4a2a669a23a49118a7e496a8eddfa5a1c729f593a6e893f4e390c
SHA512

32cc2237f9e4ce48ede9ca78ade400a509eda1277d0159907db00ab1938aeb2263a4939efd301622f4e3f4409b6cfa922ab1f64462f9fbd94f588fdf0bed9de9
SSDEEP

1536:WrNFwnxAKJIUYVEBw5VAKfZswejcy25DByyk:WrNexJSVEB0fZFejcN5DByyk

Score

7^/10

discovery upx

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1448	icacls.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral8/memory/2668-0-0x0000000000400000-0x0000000000419000-memory.dmp	upx
behavioral8/memory/2668-2-0x0000000000400000-0x0000000000419000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5044	javaw.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 5044	2668	CSVboard.exe	80
PID 2668 wrote to memory of 5044	2668	CSVboard.exe	80
PID 5044 wrote to memory of 1448	5044	javaw.exe	84
PID 5044 wrote to memory of 1448	5044	javaw.exe	84

C:\Users\Admin\AppData\Local\Temp\CSVboard v1.1\CSVboard.exe
"C:\Users\Admin\AppData\Local\Temp\CSVboard v1.1\CSVboard.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\CSVboard v1.1\CSVboard.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5044
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:1448

C:\Windows\System32\Upfc.exe
C:\Windows\System32\Upfc.exe /launchtype periodic /cv KwNQdXLaVU6WzTcdlpLw4w.0
1⤵
PID:4832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
dcc3466cb05788d5b662a285577a0494

SHA1
41fdc376346f8d912746bf96826aedb0451d5837

SHA256
6f21319c1e8c9d613244a5c7978e19e9367405a768c016e4a24f332c36572a9f

SHA512
1fb12e79c90d6b02a13e49f8c0c51c7db42446c50073c5185278a94e51a11cfa27fe822de1aa80a51b166f39077bd4a8cf7e00cabf31dd69f77f62888a4e12b5

Download Submit
memory/2668-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2668-2-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/5044-5-0x0000022E3CA30000-0x0000022E3CCA0000-memory.dmp

Filesize
2.4MB

Download
memory/5044-20-0x0000022E3B1E0000-0x0000022E3B1E1000-memory.dmp

Filesize
4KB

Download
memory/5044-22-0x0000022E3CCA0000-0x0000022E3CCB0000-memory.dmp

Filesize
64KB

Download
memory/5044-26-0x0000022E3CCC0000-0x0000022E3CCD0000-memory.dmp

Filesize
64KB

Download
memory/5044-25-0x0000022E3CCB0000-0x0000022E3CCC0000-memory.dmp

Filesize
64KB

Download
memory/5044-29-0x0000022E3CCD0000-0x0000022E3CCE0000-memory.dmp

Filesize
64KB

Download
memory/5044-34-0x0000022E3CCF0000-0x0000022E3CD00000-memory.dmp

Filesize
64KB

Download
memory/5044-32-0x0000022E3CCE0000-0x0000022E3CCF0000-memory.dmp

Filesize
64KB

Download
memory/5044-37-0x0000022E3CD10000-0x0000022E3CD20000-memory.dmp

Filesize
64KB

Download
memory/5044-36-0x0000022E3CD00000-0x0000022E3CD10000-memory.dmp

Filesize
64KB

Download
memory/5044-39-0x0000022E3CD20000-0x0000022E3CD30000-memory.dmp

Filesize
64KB

Download
memory/5044-42-0x0000022E3CD30000-0x0000022E3CD40000-memory.dmp

Filesize
64KB

Download
memory/5044-45-0x0000022E3CD40000-0x0000022E3CD50000-memory.dmp

Filesize
64KB

Download
memory/5044-46-0x0000022E3CA30000-0x0000022E3CCA0000-memory.dmp

Filesize
2.4MB

Download
memory/5044-47-0x0000022E3CD50000-0x0000022E3CD60000-memory.dmp

Filesize
64KB

Download
memory/5044-50-0x0000022E3CD60000-0x0000022E3CD70000-memory.dmp

Filesize
64KB

Download
memory/5044-49-0x0000022E3CCA0000-0x0000022E3CCB0000-memory.dmp

Filesize
64KB

Download
memory/5044-54-0x0000022E3CD70000-0x0000022E3CD80000-memory.dmp

Filesize
64KB

Download
memory/5044-53-0x0000022E3CCC0000-0x0000022E3CCD0000-memory.dmp

Filesize
64KB

Download
memory/5044-52-0x0000022E3CCB0000-0x0000022E3CCC0000-memory.dmp

Filesize
64KB

Download
memory/5044-58-0x0000022E3CD80000-0x0000022E3CD90000-memory.dmp

Filesize
64KB

Download
memory/5044-57-0x0000022E3CCE0000-0x0000022E3CCF0000-memory.dmp

Filesize
64KB

Download
memory/5044-56-0x0000022E3CCD0000-0x0000022E3CCE0000-memory.dmp

Filesize
64KB

Download
memory/5044-60-0x0000022E3CD90000-0x0000022E3CDA0000-memory.dmp

Filesize
64KB

Download
memory/5044-63-0x0000022E3CCF0000-0x0000022E3CD00000-memory.dmp

Filesize
64KB

Download
memory/5044-64-0x0000022E3CDA0000-0x0000022E3CDB0000-memory.dmp

Filesize
64KB

Download
memory/5044-67-0x0000022E3CDB0000-0x0000022E3CDC0000-memory.dmp

Filesize
64KB

Download
memory/5044-66-0x0000022E3CD10000-0x0000022E3CD20000-memory.dmp

Filesize
64KB

Download
memory/5044-65-0x0000022E3CD00000-0x0000022E3CD10000-memory.dmp

Filesize
64KB

Download
memory/5044-70-0x0000022E3CDC0000-0x0000022E3CDD0000-memory.dmp

Filesize
64KB

Download
memory/5044-69-0x0000022E3CD20000-0x0000022E3CD30000-memory.dmp

Filesize
64KB

Download
memory/5044-76-0x0000022E3CDE0000-0x0000022E3CDF0000-memory.dmp

Filesize
64KB

Download
memory/5044-75-0x0000022E3CDD0000-0x0000022E3CDE0000-memory.dmp

Filesize
64KB

Download
memory/5044-74-0x0000022E3CD30000-0x0000022E3CD40000-memory.dmp

Filesize
64KB

Download
memory/5044-78-0x0000022E3CD40000-0x0000022E3CD50000-memory.dmp

Filesize
64KB

Download
memory/5044-79-0x0000022E3CDF0000-0x0000022E3CE00000-memory.dmp

Filesize
64KB

Download
memory/5044-84-0x0000022E3CE00000-0x0000022E3CE10000-memory.dmp

Filesize
64KB

Download
memory/5044-83-0x0000022E3CD50000-0x0000022E3CD60000-memory.dmp

Filesize
64KB

Download
memory/5044-87-0x0000022E3CD60000-0x0000022E3CD70000-memory.dmp

Filesize
64KB

Download
memory/5044-88-0x0000022E3CE10000-0x0000022E3CE20000-memory.dmp

Filesize
64KB

Download
memory/5044-90-0x0000022E3CD70000-0x0000022E3CD80000-memory.dmp

Filesize
64KB

Download
memory/5044-91-0x0000022E3CE20000-0x0000022E3CE30000-memory.dmp

Filesize
64KB

Download
memory/5044-92-0x0000022E3CD80000-0x0000022E3CD90000-memory.dmp

Filesize
64KB

Download
memory/5044-93-0x0000022E3CE30000-0x0000022E3CE40000-memory.dmp

Filesize
64KB

Download
memory/5044-96-0x0000022E3CD90000-0x0000022E3CDA0000-memory.dmp

Filesize
64KB

Download
memory/5044-97-0x0000022E3CE40000-0x0000022E3CE50000-memory.dmp

Filesize
64KB

Download
memory/5044-100-0x0000022E3CE50000-0x0000022E3CE60000-memory.dmp

Filesize
64KB

Download
memory/5044-99-0x0000022E3CDA0000-0x0000022E3CDB0000-memory.dmp

Filesize
64KB

Download
memory/5044-102-0x0000022E3CDB0000-0x0000022E3CDC0000-memory.dmp

Filesize
64KB

Download
memory/5044-103-0x0000022E3CE60000-0x0000022E3CE70000-memory.dmp

Filesize
64KB

Download
memory/5044-106-0x0000022E3CE70000-0x0000022E3CE80000-memory.dmp

Filesize
64KB

Download
memory/5044-105-0x0000022E3CDC0000-0x0000022E3CDD0000-memory.dmp

Filesize
64KB

Download
memory/5044-109-0x0000022E3CDD0000-0x0000022E3CDE0000-memory.dmp

Filesize
64KB

Download
memory/5044-111-0x0000022E3CE80000-0x0000022E3CE90000-memory.dmp

Filesize
64KB

Download
memory/5044-110-0x0000022E3CDE0000-0x0000022E3CDF0000-memory.dmp

Filesize
64KB

Download
memory/5044-113-0x0000022E3CDF0000-0x0000022E3CE00000-memory.dmp

Filesize
64KB

Download
memory/5044-114-0x0000022E3CE90000-0x0000022E3CEA0000-memory.dmp

Filesize
64KB

Download
memory/5044-115-0x0000022E3CE00000-0x0000022E3CE10000-memory.dmp

Filesize
64KB

Download
memory/5044-116-0x0000022E3CEA0000-0x0000022E3CEB0000-memory.dmp

Filesize
64KB

Download
memory/5044-126-0x0000022E3CE20000-0x0000022E3CE30000-memory.dmp

Filesize
64KB

Download
memory/5044-129-0x0000022E3CEE0000-0x0000022E3CEF0000-memory.dmp

Filesize
64KB

Download
memory/5044-128-0x0000022E3CE30000-0x0000022E3CE40000-memory.dmp

Filesize
64KB

Download
memory/5044-125-0x0000022E3CEC0000-0x0000022E3CED0000-memory.dmp

Filesize
64KB

Download
memory/5044-124-0x0000022E3CED0000-0x0000022E3CEE0000-memory.dmp

Filesize
64KB

Download
memory/5044-123-0x0000022E3CEB0000-0x0000022E3CEC0000-memory.dmp

Filesize
64KB

Download
memory/5044-122-0x0000022E3CE10000-0x0000022E3CE20000-memory.dmp

Filesize
64KB

Download
memory/5044-131-0x0000022E3CEF0000-0x0000022E3CF00000-memory.dmp

Filesize
64KB

Download
memory/5044-130-0x0000022E3CE40000-0x0000022E3CE50000-memory.dmp

Filesize
64KB

Download
memory/5044-134-0x0000022E3CE50000-0x0000022E3CE60000-memory.dmp

Filesize
64KB

Download
memory/5044-135-0x0000022E3CE60000-0x0000022E3CE70000-memory.dmp

Filesize
64KB

Download
memory/5044-136-0x0000022E3CE70000-0x0000022E3CE80000-memory.dmp

Filesize
64KB

Download
memory/5044-137-0x0000022E3CE80000-0x0000022E3CE90000-memory.dmp

Filesize
64KB

Download
memory/5044-138-0x0000022E3CE90000-0x0000022E3CEA0000-memory.dmp

Filesize
64KB

Download
memory/5044-139-0x0000022E3CEA0000-0x0000022E3CEB0000-memory.dmp

Filesize
64KB

Download
memory/5044-140-0x0000022E3CEB0000-0x0000022E3CEC0000-memory.dmp

Filesize
64KB

Download
memory/5044-141-0x0000022E3CEC0000-0x0000022E3CED0000-memory.dmp

Filesize
64KB

Download
memory/5044-143-0x0000022E3CEF0000-0x0000022E3CF00000-memory.dmp

Filesize
64KB

Download
memory/5044-145-0x0000022E3CF00000-0x0000022E3CF10000-memory.dmp

Filesize
64KB

Download