3d35f9281e2e3a5d6aaae0c9eac26c2bd2ce6602606f3da6191c186b44bfbbf4

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 07:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BHOP.exe
Size

1019KB
MD5

bb933ddc224c3ebf51b131408e3a6d1e
SHA1

485dd934553808f8162e58fbff2aa0b252727995
SHA256

3d35f9281e2e3a5d6aaae0c9eac26c2bd2ce6602606f3da6191c186b44bfbbf4
SHA512

443fa883f496d788e14b52e9b301a2c800b5671959947f9ae4a053244b2d5e5cac736eeecf65d0b7c6c26dafc9db81720ae3dd415009993d850a2b47e4ef39e5
SSDEEP

24576:78DhT4UFRr8J6O7/CCszHM4FwiU/cmVUCcnUYFVL:o1kUFR43j4BWc3zVL

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3988	icacls.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3040	PING.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2444	javaw.exe
2444	javaw.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 2444	868	BHOP.exe	80
PID 868 wrote to memory of 2444	868	BHOP.exe	80
PID 2444 wrote to memory of 3988	2444	javaw.exe	81
PID 2444 wrote to memory of 3988	2444	javaw.exe	81
PID 2444 wrote to memory of 4484	2444	javaw.exe	84
PID 2444 wrote to memory of 4484	2444	javaw.exe	84
PID 4484 wrote to memory of 3040	4484	cmd.exe	86
PID 4484 wrote to memory of 3040	4484	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\BHOP.exe
"C:\Users\Admin\AppData\Local\Temp\BHOP.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dlaunch4j.exedir="C:\Users\Admin\AppData\Local\Temp" -Dlaunch4j.exefile="C:\Users\Admin\AppData\Local\Temp\BHOP.exe" -Dhttps.protocols="SSLv3,TLSv1,TLSv1.1,TLSv1.2" -jar "C:\Users\Admin\AppData\Local\Temp\BHOP.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:3988
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe "/c ""%systemroot%\system32\ping.exe" -n 2 localhost > nul && move /y "C:\Users\Admin\AppData\Local\Temp\BHOP\BHOP.new" "C:\Users\Admin\AppData\Local\Temp\BHOP.exe" && move /y "C:\Users\Admin\AppData\Local\Temp\BHOP.exe" "C:\Users\Admin\AppData\Local\Temp\BHOP.exe"""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4484
  - - C:\Windows\system32\PING.EXE
      "C:\Windows\system32\ping.exe" -n 2 localhost
      4⤵
      Runs ping.exe
      PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
c673d7f9d18adbba3b16b1433e261b0e

SHA1
5121dbd76c6fd151d21261933dd6d19f1f9dc07f

SHA256
1aade03cbe633f04e7b618bacd204ff0b7bae6c8ab77846e5e24dcef0fe439c9

SHA512
db9facbbf96a85302a88c9e5bfcd037b189f4743f6b0e7f961f971e4896b1e5e87863de8de66b6aabaad5c309b71ead88bc5954b68944b4df50dd36535618ac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\BHOP\BHOP.new

Filesize
1018KB

MD5
48df92ffbc86bd3c605a0020e012677c

SHA1
5aa630b4e9a5d793f7e598bfb218d79b356667b6

SHA256
3e844976f4a5f47fdf56dfe348651bbbe8628acbbb5ba3507f23b446304be1ce

SHA512
489444ac7c68865d54a0f1ca7d1e3a96c8db9021c8843a2d2c4acb818f3f2d4daeb1e74c5a6a62439fbd7acd01bedabf9d3d5350f40020961887c034067bb740

Download Submit
memory/868-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2444-3-0x0000021F190D0000-0x0000021F19340000-memory.dmp

Filesize
2.4MB

Download
memory/2444-25-0x0000021F190B0000-0x0000021F190B1000-memory.dmp

Filesize
4KB

Download
memory/2444-26-0x0000021F19340000-0x0000021F19350000-memory.dmp

Filesize
64KB

Download
memory/2444-34-0x0000021F19380000-0x0000021F19390000-memory.dmp

Filesize
64KB

Download
memory/2444-32-0x0000021F19360000-0x0000021F19370000-memory.dmp

Filesize
64KB

Download
memory/2444-31-0x0000021F19350000-0x0000021F19360000-memory.dmp

Filesize
64KB

Download
memory/2444-33-0x0000021F19370000-0x0000021F19380000-memory.dmp

Filesize
64KB

Download
memory/2444-38-0x0000021F19390000-0x0000021F193A0000-memory.dmp

Filesize
64KB

Download
memory/2444-40-0x0000021F193B0000-0x0000021F193C0000-memory.dmp

Filesize
64KB

Download
memory/2444-39-0x0000021F193A0000-0x0000021F193B0000-memory.dmp

Filesize
64KB

Download
memory/2444-46-0x0000021F193C0000-0x0000021F193D0000-memory.dmp

Filesize
64KB

Download
memory/2444-49-0x0000021F193F0000-0x0000021F19400000-memory.dmp

Filesize
64KB

Download
memory/2444-48-0x0000021F193E0000-0x0000021F193F0000-memory.dmp

Filesize
64KB

Download
memory/2444-47-0x0000021F193D0000-0x0000021F193E0000-memory.dmp

Filesize
64KB

Download
memory/2444-50-0x0000021F19400000-0x0000021F19410000-memory.dmp

Filesize
64KB

Download
memory/2444-54-0x0000021F19420000-0x0000021F19430000-memory.dmp

Filesize
64KB

Download
memory/2444-53-0x0000021F19410000-0x0000021F19420000-memory.dmp

Filesize
64KB

Download
memory/2444-59-0x0000021F19430000-0x0000021F19440000-memory.dmp

Filesize
64KB

Download
memory/2444-58-0x0000021F190D0000-0x0000021F19340000-memory.dmp

Filesize
2.4MB

Download
memory/2444-62-0x0000021F19340000-0x0000021F19350000-memory.dmp

Filesize
64KB

Download
memory/2444-64-0x0000021F19450000-0x0000021F19460000-memory.dmp

Filesize
64KB

Download
memory/2444-63-0x0000021F19440000-0x0000021F19450000-memory.dmp

Filesize
64KB

Download
memory/2444-66-0x0000021F19460000-0x0000021F19470000-memory.dmp

Filesize
64KB

Download
memory/2444-68-0x0000021F19350000-0x0000021F19360000-memory.dmp

Filesize
64KB

Download
memory/2444-70-0x0000021F19470000-0x0000021F19480000-memory.dmp

Filesize
64KB

Download
memory/2444-69-0x0000021F19360000-0x0000021F19370000-memory.dmp

Filesize
64KB

Download
memory/2444-74-0x0000021F19480000-0x0000021F19490000-memory.dmp

Filesize
64KB

Download
memory/2444-73-0x0000021F19370000-0x0000021F19380000-memory.dmp

Filesize
64KB

Download
memory/2444-76-0x0000021F19380000-0x0000021F19390000-memory.dmp

Filesize
64KB

Download
memory/2444-77-0x0000021F19490000-0x0000021F194A0000-memory.dmp

Filesize
64KB

Download
memory/2444-79-0x0000021F19390000-0x0000021F193A0000-memory.dmp

Filesize
64KB

Download
memory/2444-80-0x0000021F193A0000-0x0000021F193B0000-memory.dmp

Filesize
64KB

Download
memory/2444-81-0x0000021F193B0000-0x0000021F193C0000-memory.dmp

Filesize
64KB

Download
memory/2444-82-0x0000021F194A0000-0x0000021F194B0000-memory.dmp

Filesize
64KB

Download
memory/2444-83-0x0000021F190B0000-0x0000021F190B1000-memory.dmp

Filesize
4KB

Download
memory/2444-84-0x0000021F190B0000-0x0000021F190B1000-memory.dmp

Filesize
4KB

Download
memory/2444-95-0x0000021F193D0000-0x0000021F193E0000-memory.dmp

Filesize
64KB

Download
memory/2444-98-0x0000021F194B0000-0x0000021F194C0000-memory.dmp

Filesize
64KB

Download
memory/2444-97-0x0000021F193F0000-0x0000021F19400000-memory.dmp

Filesize
64KB

Download
memory/2444-96-0x0000021F193E0000-0x0000021F193F0000-memory.dmp

Filesize
64KB

Download
memory/2444-94-0x0000021F193C0000-0x0000021F193D0000-memory.dmp

Filesize
64KB

Download
memory/2444-99-0x0000021F190B0000-0x0000021F190B1000-memory.dmp

Filesize
4KB

Download
memory/2444-100-0x0000021F19370000-0x0000021F19380000-memory.dmp

Filesize
64KB

Download
memory/2444-101-0x0000021F19380000-0x0000021F19390000-memory.dmp

Filesize
64KB

Download
memory/2444-102-0x0000021F19350000-0x0000021F19360000-memory.dmp

Filesize
64KB

Download
memory/2444-103-0x0000021F19360000-0x0000021F19370000-memory.dmp

Filesize
64KB

Download
memory/2444-104-0x0000021F190D0000-0x0000021F19340000-memory.dmp

Filesize
2.4MB

Download
memory/2444-124-0x0000021F194B0000-0x0000021F194C0000-memory.dmp

Filesize
64KB

Download
memory/2444-123-0x0000021F194A0000-0x0000021F194B0000-memory.dmp

Filesize
64KB

Download
memory/2444-122-0x0000021F19490000-0x0000021F194A0000-memory.dmp

Filesize
64KB

Download
memory/2444-121-0x0000021F19480000-0x0000021F19490000-memory.dmp

Filesize
64KB

Download
memory/2444-120-0x0000021F19470000-0x0000021F19480000-memory.dmp

Filesize
64KB

Download
memory/2444-119-0x0000021F19460000-0x0000021F19470000-memory.dmp

Filesize
64KB

Download
memory/2444-118-0x0000021F19450000-0x0000021F19460000-memory.dmp

Filesize
64KB

Download
memory/2444-117-0x0000021F19440000-0x0000021F19450000-memory.dmp

Filesize
64KB

Download
memory/2444-116-0x0000021F19430000-0x0000021F19440000-memory.dmp

Filesize
64KB

Download
memory/2444-115-0x0000021F19420000-0x0000021F19430000-memory.dmp

Filesize
64KB

Download
memory/2444-114-0x0000021F19410000-0x0000021F19420000-memory.dmp

Filesize
64KB

Download
memory/2444-113-0x0000021F19400000-0x0000021F19410000-memory.dmp

Filesize
64KB

Download
memory/2444-112-0x0000021F193F0000-0x0000021F19400000-memory.dmp

Filesize
64KB

Download
memory/2444-111-0x0000021F193E0000-0x0000021F193F0000-memory.dmp

Filesize
64KB

Download
memory/2444-110-0x0000021F193D0000-0x0000021F193E0000-memory.dmp

Filesize
64KB

Download
memory/2444-109-0x0000021F193C0000-0x0000021F193D0000-memory.dmp

Filesize
64KB

Download
memory/2444-108-0x0000021F193B0000-0x0000021F193C0000-memory.dmp

Filesize
64KB

Download
memory/2444-107-0x0000021F193A0000-0x0000021F193B0000-memory.dmp

Filesize
64KB

Download
memory/2444-106-0x0000021F19390000-0x0000021F193A0000-memory.dmp

Filesize
64KB

Download
memory/2444-105-0x0000021F19340000-0x0000021F19350000-memory.dmp

Filesize
64KB

Download