dcdf28acf360554a5a98d78f403c96ccea500be24b27d02b020e142820637c0a

Analysis

max time kernel
54s
max time network
17s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16/07/2024, 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BurpLoaderKeygen.jar
Size

36KB
MD5

a3b1b3be59e6d3d374a2d3344213e6c7
SHA1

3d0e27962c83c8db2955fa79c27256442c0bcb55
SHA256

dcdf28acf360554a5a98d78f403c96ccea500be24b27d02b020e142820637c0a
SHA512

6cb93d2af6aa1c62bd8f94c0a7e192cc08ad092724753999c92e8569c9bd76bf8ad254d6eca757decaa7922f7a806143118b90d806de80f3c36eae5e8b8bbe64
SSDEEP

768:yG6uWNygZJbmjwB4HC8tyPAR8N4x3kWDuWYkfLb:yGbWNfJbmjSwNY4x9DuQf/

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2924	icacls.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2692	java.exe
2692	java.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2924	2692	java.exe	74
PID 2692 wrote to memory of 2924	2692	java.exe	74
PID 2692 wrote to memory of 4460	2692	java.exe	76
PID 2692 wrote to memory of 4460	2692	java.exe	76
PID 2692 wrote to memory of 2680	2692	java.exe	78
PID 2692 wrote to memory of 2680	2692	java.exe	78

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\BurpLoaderKeygen.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2924
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -version
  2⤵
  PID:4460
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -version
  2⤵
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
9be24f517e202d99142c20076767162c

SHA1
6e517bbc66d39ace6c4526728623984f29aab3db

SHA256
67baf713738a37698c6ba5693c343c740757e7ff65c537d93ffd3775908a474b

SHA512
bf7fb027ba35f2dfd8842d269aaf07230eafd09c8ce79f35cc9c63d8788e58d4f07ad3248811e9f5347869a772046121f24d6404398687f6716b782f58081ec2

Download Submit
memory/2680-192-0x000001DC027A0000-0x000001DC027A1000-memory.dmp

Filesize
4KB

Download
memory/2692-71-0x000002002DF20000-0x000002002DF30000-memory.dmp

Filesize
64KB

Download
memory/2692-61-0x000002002DEF0000-0x000002002DF00000-memory.dmp

Filesize
64KB

Download
memory/2692-32-0x000002002DE50000-0x000002002DE60000-memory.dmp

Filesize
64KB

Download
memory/2692-31-0x000002002DE40000-0x000002002DE50000-memory.dmp

Filesize
64KB

Download
memory/2692-36-0x000002002DE60000-0x000002002DE70000-memory.dmp

Filesize
64KB

Download
memory/2692-37-0x000002002DE70000-0x000002002DE80000-memory.dmp

Filesize
64KB

Download
memory/2692-39-0x000002002DE80000-0x000002002DE90000-memory.dmp

Filesize
64KB

Download
memory/2692-42-0x000002002DEA0000-0x000002002DEB0000-memory.dmp

Filesize
64KB

Download
memory/2692-41-0x000002002DE90000-0x000002002DEA0000-memory.dmp

Filesize
64KB

Download
memory/2692-47-0x000002002DEC0000-0x000002002DED0000-memory.dmp

Filesize
64KB

Download
memory/2692-46-0x000002002DEB0000-0x000002002DEC0000-memory.dmp

Filesize
64KB

Download
memory/2692-49-0x000002002DED0000-0x000002002DEE0000-memory.dmp

Filesize
64KB

Download
memory/2692-48-0x000002002DBD0000-0x000002002DE40000-memory.dmp

Filesize
2.4MB

Download
memory/2692-73-0x000002002DE80000-0x000002002DE90000-memory.dmp

Filesize
64KB

Download
memory/2692-54-0x000002002DEE0000-0x000002002DEF0000-memory.dmp

Filesize
64KB

Download
memory/2692-74-0x000002002DF30000-0x000002002DF40000-memory.dmp

Filesize
64KB

Download
memory/2692-63-0x000002002DE40000-0x000002002DE50000-memory.dmp

Filesize
64KB

Download
memory/2692-64-0x000002002DF00000-0x000002002DF10000-memory.dmp

Filesize
64KB

Download
memory/2692-67-0x000002002DF10000-0x000002002DF20000-memory.dmp

Filesize
64KB

Download
memory/2692-66-0x000002002DE50000-0x000002002DE60000-memory.dmp

Filesize
64KB

Download
memory/2692-69-0x000002002DE60000-0x000002002DE70000-memory.dmp

Filesize
64KB

Download
memory/2692-2-0x000002002DBD0000-0x000002002DE40000-memory.dmp

Filesize
2.4MB

Download
memory/2692-205-0x000002002DF40000-0x000002002DF50000-memory.dmp

Filesize
64KB

Download
memory/2692-70-0x000002002DE70000-0x000002002DE80000-memory.dmp

Filesize
64KB

Download
memory/2692-50-0x000002002C3F0000-0x000002002C3F1000-memory.dmp

Filesize
4KB

Download
memory/2692-77-0x000002002DE90000-0x000002002DEA0000-memory.dmp

Filesize
64KB

Download
memory/2692-79-0x000002002DF40000-0x000002002DF50000-memory.dmp

Filesize
64KB

Download
memory/2692-78-0x000002002DEA0000-0x000002002DEB0000-memory.dmp

Filesize
64KB

Download
memory/2692-83-0x000002002C3F0000-0x000002002C3F1000-memory.dmp

Filesize
4KB

Download
memory/2692-96-0x000002002C3F0000-0x000002002C3F1000-memory.dmp

Filesize
4KB

Download
memory/2692-110-0x000002002DEB0000-0x000002002DEC0000-memory.dmp

Filesize
64KB

Download
memory/2692-111-0x000002002DEC0000-0x000002002DED0000-memory.dmp

Filesize
64KB

Download
memory/2692-122-0x000002002C3F0000-0x000002002C3F1000-memory.dmp

Filesize
4KB

Download
memory/2692-131-0x000002002C3F0000-0x000002002C3F1000-memory.dmp

Filesize
4KB

Download
memory/2692-149-0x000002002DED0000-0x000002002DEE0000-memory.dmp

Filesize
64KB

Download
memory/2692-174-0x000002002DEE0000-0x000002002DEF0000-memory.dmp

Filesize
64KB

Download
memory/2692-179-0x000002002DEF0000-0x000002002DF00000-memory.dmp

Filesize
64KB

Download
memory/2692-203-0x000002002DF30000-0x000002002DF40000-memory.dmp

Filesize
64KB

Download
memory/2692-201-0x000002002DF20000-0x000002002DF30000-memory.dmp

Filesize
64KB

Download
memory/2692-196-0x000002002DF00000-0x000002002DF10000-memory.dmp

Filesize
64KB

Download
memory/2692-197-0x000002002C3F0000-0x000002002C3F1000-memory.dmp

Filesize
4KB

Download
memory/2692-198-0x000002002DF10000-0x000002002DF20000-memory.dmp

Filesize
64KB

Download
memory/4460-14-0x0000026DAE510000-0x0000026DAE780000-memory.dmp

Filesize
2.4MB

Download
memory/4460-24-0x0000026DACC20000-0x0000026DACC21000-memory.dmp

Filesize
4KB

Download
memory/4460-25-0x0000026DAE510000-0x0000026DAE780000-memory.dmp

Filesize
2.4MB

Download