52cd65f3b16c2070d34e26f5794b0b024c8a607b7d03e6cd82a439027eae525a

Analysis

max time kernel
140s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Burpy-main/keygen.jar
Size

63KB
MD5

a4ead4abf81293e88cc2247302c19877
SHA1

13be3e844fbe07e524f33682af5aab7cb24b8f73
SHA256

7ce1ac8090ec484d8b21a81d97866ffa55a761e63a2daf831488a34475b434c5
SHA512

f139166520dad00dce2faf5efa4151f0b1375e1df417c1389863b6fa36b9d2d343efb3ceae6ddc40aed447491da3b3e228d97bc7fee103231f15b092a6295e35
SSDEEP

1536:yCdJN7TYDPdMUHwG+j5FOwLq9hpIThxE7afiW5zLtXE:9N7LUujewL4fkx2afiQzLt0

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

968 icacls.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

java.exe

pid process

2484 java.exe
2484 java.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 2484 wrote to memory of 968 2484 java.exe icacls.exe
PID 2484 wrote to memory of 968 2484 java.exe icacls.exe

pid	process
968	icacls.exe

pid	process
2484	java.exe
2484	java.exe

description	pid	process	target process
PID 2484 wrote to memory of 968	2484	java.exe	icacls.exe
PID 2484 wrote to memory of 968	2484	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\keygen.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
8d1e51ba9332122f555e143e35d15699

SHA1
d701d60aa9b9d4e4cd705bff13aba2c6d44e8911

SHA256
36ec4dafb8ffed078f2d9f9a93fb2b9ac9c7c5a30007fb0175625edcd5ed7d46

SHA512
7435dbb1febb3884bd1fa5650af616b0fff310748f4f7e182e59894974cde97338b14a698b12af7e5f99f87d6df596a6fd4cb230e8691b4767c262429aebdcaa

Download Submit
memory/2484-45-0x000001C600270000-0x000001C600280000-memory.dmp

Filesize
64KB

Download
memory/2484-62-0x000001C600320000-0x000001C600330000-memory.dmp

Filesize
64KB

Download
memory/2484-18-0x000001C675890000-0x000001C675891000-memory.dmp

Filesize
4KB

Download
memory/2484-25-0x000001C6002A0000-0x000001C6002B0000-memory.dmp

Filesize
64KB

Download
memory/2484-24-0x000001C600290000-0x000001C6002A0000-memory.dmp

Filesize
64KB

Download
memory/2484-22-0x000001C600280000-0x000001C600290000-memory.dmp

Filesize
64KB

Download
memory/2484-46-0x000001C600290000-0x000001C6002A0000-memory.dmp

Filesize
64KB

Download
memory/2484-27-0x000001C6002B0000-0x000001C6002C0000-memory.dmp

Filesize
64KB

Download
memory/2484-33-0x000001C6002E0000-0x000001C6002F0000-memory.dmp

Filesize
64KB

Download
memory/2484-32-0x000001C6002D0000-0x000001C6002E0000-memory.dmp

Filesize
64KB

Download
memory/2484-35-0x000001C6002F0000-0x000001C600300000-memory.dmp

Filesize
64KB

Download
memory/2484-37-0x000001C600300000-0x000001C600310000-memory.dmp

Filesize
64KB

Download
memory/2484-38-0x000001C600310000-0x000001C600320000-memory.dmp

Filesize
64KB

Download
memory/2484-41-0x000001C600000000-0x000001C600270000-memory.dmp

Filesize
2.4MB

Download
memory/2484-64-0x000001C600340000-0x000001C600350000-memory.dmp

Filesize
64KB

Download
memory/2484-17-0x000001C600270000-0x000001C600280000-memory.dmp

Filesize
64KB

Download
memory/2484-28-0x000001C6002C0000-0x000001C6002D0000-memory.dmp

Filesize
64KB

Download
memory/2484-47-0x000001C600330000-0x000001C600340000-memory.dmp

Filesize
64KB

Download
memory/2484-48-0x000001C675890000-0x000001C675891000-memory.dmp

Filesize
4KB

Download
memory/2484-50-0x000001C600280000-0x000001C600290000-memory.dmp

Filesize
64KB

Download
memory/2484-51-0x000001C600340000-0x000001C600350000-memory.dmp

Filesize
64KB

Download
memory/2484-53-0x000001C6002A0000-0x000001C6002B0000-memory.dmp

Filesize
64KB

Download
memory/2484-55-0x000001C6002B0000-0x000001C6002C0000-memory.dmp

Filesize
64KB

Download
memory/2484-57-0x000001C6002D0000-0x000001C6002E0000-memory.dmp

Filesize
64KB

Download
memory/2484-56-0x000001C6002C0000-0x000001C6002D0000-memory.dmp

Filesize
64KB

Download
memory/2484-58-0x000001C6002E0000-0x000001C6002F0000-memory.dmp

Filesize
64KB

Download
memory/2484-59-0x000001C6002F0000-0x000001C600300000-memory.dmp

Filesize
64KB

Download
memory/2484-60-0x000001C600300000-0x000001C600310000-memory.dmp

Filesize
64KB

Download
memory/2484-61-0x000001C600310000-0x000001C600320000-memory.dmp

Filesize
64KB

Download
memory/2484-2-0x000001C600000000-0x000001C600270000-memory.dmp

Filesize
2.4MB

Download
memory/2484-63-0x000001C600330000-0x000001C600340000-memory.dmp

Filesize
64KB

Download
memory/2484-42-0x000001C600320000-0x000001C600330000-memory.dmp

Filesize
64KB

Download