Overview

overview

7

Static

static

1

gradlew.bat

windows11-21h2-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25/06/2024, 19:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    gradlew.bat

  • Size

    2KB

  • MD5

    5f5d1ab20ea18615cacf8a6a2d887587

  • SHA1

    f9fd0fb4f067b868f7a11e1c0a8115e1cfcf3002

  • SHA256

    8e327fcb99d29ce0fe3ee2fec6e6a25de815a2df83a6a44a553dea89ffc92955

  • SHA512

    ae8896b5cdb70b2362e9e641a56a44060f6c896ffa972a4974e0eb256a716e11793ce666a95979c6b72d2db60c5caa51507d2bb373a4dafc89296b4d954b8cb6

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\gradlew.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3324
    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
      java.exe -version
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3852
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:1868
    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
      "java.exe" "-Xmx64m" "-Xms64m" "-Dorg.gradle.appname=gradlew" -classpath "C:\Users\Admin\AppData\Local\Temp\\gradle\wrapper\gradle-wrapper.jar" org.gradle.wrapper.GradleWrapperMain
      2⤵
        PID:2784
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:780
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1020
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.0.1467851799\144783458" -parentBuildID 20230214051806 -prefsHandle 1816 -prefMapHandle 1812 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b0e965a-7589-4b3e-ab8b-694b23e1d825} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 1896 286bc612a58 gpu
          3⤵
            PID:4640
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.1.1735947757\1328101488" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cf3e779-9bae-4e38-8be6-9ad4319ed76d} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 2420 286af886558 socket
            3⤵
              PID:2364
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.2.1608572053\1474732499" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c053ce2c-6b51-4f29-b819-8c2b7196cde9} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 2928 286bf312258 tab
              3⤵
                PID:2268
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.3.2091665298\841163971" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88597b95-5bdf-47d8-9d13-646298333aec} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3564 286c1dea558 tab
                3⤵
                  PID:1348
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.4.391273533\1457719511" -childID 3 -isForBrowser -prefsHandle 5036 -prefMapHandle 5028 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97dcb51d-92bb-4f6d-a458-d1a12a956bb5} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5040 286c4373758 tab
                  3⤵
                    PID:1852
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.5.1215286141\423539671" -childID 4 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f68a701d-1824-4a85-9f61-f2d05ff84b7e} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5160 286c4374358 tab
                    3⤵
                      PID:1596
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.6.378694604\796949303" -childID 5 -isForBrowser -prefsHandle 5340 -prefMapHandle 5336 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b509bd7-0d8a-4cd2-bef7-cb4cd535333e} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5384 286c4523e58 tab
                      3⤵
                        PID:4284
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.7.1904404794\1171882241" -childID 6 -isForBrowser -prefsHandle 5748 -prefMapHandle 5744 -prefsLen 27769 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcec02a6-b28c-47de-a0a7-ca0a2b003a47} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3280 286bed3ef58 tab
                        3⤵
                          PID:696
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.8.1646573568\449183064" -childID 7 -isForBrowser -prefsHandle 5904 -prefMapHandle 5900 -prefsLen 28034 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04f21fac-bfcc-4b42-a35c-9216befa2992} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5912 286bf315258 tab
                          3⤵
                            PID:4936

                      Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
                              Filesize

                              46B

                              MD5

                              1a9228bf82ffee392e6c39f775a99554

                              SHA1

                              bb5d869181d87d1b5380b8c9329a7e4984b5839a

                              SHA256

                              b533fafd07539ae07c1131f474ee73ea17521b62180bf4787b445e9359774c1c

                              SHA512

                              b772a084386546ed73ada85f8889af531f239c5ed092a17f23bc96c33f2d009dd9f0a1e13f77047c24973c54e14d28bac55feb649b87b920d00574f8cd7717a7

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mg2c1myw.default-release\activity-stream.discovery_stream.json.tmp
                              Filesize

                              26KB

                              MD5

                              ec7f12f05f8c1344cdb344c32e48cfa4

                              SHA1

                              da37a1da62feb108410401b3de644f8f40fd75aa

                              SHA256

                              9e23c348b605e8e9ca46906bf9df5103bb165f2240f70c4a9230a98ff6cd1530

                              SHA512

                              1e3474a97570c3001e3c3751378a50121d31b2f2d1d48b305ba6ca22c1271f915ea56b2e64a99bf3fcf4d1ffe2321cf44d5fd867a1accf75be7edf8b81ef721d

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg2c1myw.default-release\prefs-1.js
                              Filesize

                              7KB

                              MD5

                              fd8c0a7c2290a8311027eba346479ae5

                              SHA1

                              756ca7a90712d0aedd21ac319d24273662f2432d

                              SHA256

                              13097191a5154dc345263a23029e44cc4104a625e3f4ed0b84548d03fa35b5b5

                              SHA512

                              b541a2a2af5b82aa6d3d59891f86bf679a1aafd2e904b0fd255c4a3ace15217373e31d3e9150fcde3565a8baa8085eb16d423bddb08a9d9123f0650ba16d2e5a

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg2c1myw.default-release\prefs-1.js
                              Filesize

                              7KB

                              MD5

                              a988570af55af7db46659c1d88ce7eb0

                              SHA1

                              65096f51dde09b447f4c6da380f0a324b5a89c68

                              SHA256

                              3d9efcde865a013ff59be88c51de3320981c13a97c5e213c9811a9568cca13aa

                              SHA512

                              9e2a6471e04011a5af24170bf1df9ccdb15edf68cc64bb76664dd1c83e204fb8ff98010f6cbcfafcc96125c394b0359e7263e31bd870cd67cefc17a0545bdebd

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg2c1myw.default-release\prefs.js
                              Filesize

                              6KB

                              MD5

                              04db4eefc29238999e84f55bae64db1d

                              SHA1

                              ea4b94bbd1e788c92d2b88c56f8be93b16f6788f

                              SHA256

                              94b9b6b986f0b1e53bed41f935fe865fd97932c863adca5195ee2c9c8713053a

                              SHA512

                              05f35c132df86dc2d5477a789d64d280ec981cd212f3694c5c8d8e320bb6a05ca8c3bf1c6bfcf4b60213b9f6c88ac2681a687349a6c719abb446256be9f6fa36

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg2c1myw.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              1KB

                              MD5

                              9866fb2a781373b6965219ef83a411d7

                              SHA1

                              30d367f2824aea8313c5abb3240c013a69d90674

                              SHA256

                              488fdaa40830f9655437436256ad86310d4132690ab98bb5cba88940280485f5

                              SHA512

                              0955561dcae7d96a2cb688c13a968c8726d1552dd0ecec813e96891cce725e1041a85656d09bd060f165ce0a420ef03ccf82a4b0dc70eb5e183ae5bcd2f79ef8

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg2c1myw.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              1KB

                              MD5

                              f3ae577eb63bb16660ce136d187c0fd8

                              SHA1

                              dfac8633f41b1eaac8ba9f492c96d660d72d91f5

                              SHA256

                              0214fdcebe1071f98b03ad5aaa58fbb4ff0f848a01c8afa52c697c1435baa2fb

                              SHA512

                              9bce6a0a489eb22226343537552ae3cfa1736e9798cd0061fc7d363cb22c6b49721cef1b9c2440ecfe59d9caf8876369c9c46d9bf4f1d15bc4cd142f85c49295

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg2c1myw.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              1KB

                              MD5

                              a00f590fd1b1a7c1f37802806edf4f0a

                              SHA1

                              850055cd5643e938e523a0e517a1fa90ddcf3657

                              SHA256

                              ef76074e450dc4abd753144bc6e78bc0885c53611c4bea0f2e6a06ab915dc743

                              SHA512

                              48f5a714743d317d47e93ba371ca4e0bba41fbae1a7fb89e9caa90dc62144421e8144f58f21bf17218ecb1c728123ceddcea123e98c48ae08cc195c0c4e593d4

                              Download Submit

                            • memory/2784-27-0x0000024100000000-0x0000024100270000-memory.dmp

                              Filesize

                              2.4MB

                              Download

                            • memory/2784-26-0x00000241788A0000-0x00000241788A1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2784-17-0x0000024100000000-0x0000024100270000-memory.dmp

                              Filesize

                              2.4MB

                              Download

                            • memory/3852-2-0x000001E400000000-0x000001E400270000-memory.dmp

                              Filesize

                              2.4MB

                              Download

                            • memory/3852-12-0x000001E4724D0000-0x000001E4724D1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3852-14-0x000001E400000000-0x000001E400270000-memory.dmp

                              Filesize

                              2.4MB

                              Download