4097035fd7cac64d82e5250a3a691d2985b2c4894b91c258391ee6592fc1f61a

Resubmissions

12-08-2024 17:47

240812-wdcepssark 8

Analysis

max time kernel
134s
max time network
136s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
12-08-2024 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Burpy/loader.jar
Size

29KB
MD5

56a0eef3a96bf373db1298bc6cb63158
SHA1

f9fb9175a901f4fede20b9d61eb4fadafdd1feea
SHA256

1e288c686963eafc34411d4f94265eb1809492ab57a474848669eb3285a2afb3
SHA512

d6165e567c80cd04c2506f285d48fb3e2dd6d46e4eda3b9bf76c2ea585ac446807ccabc02c4f8a6bede36a8ac1d1737eab3840cfdc703123daeccd526593f492
SSDEEP

768:ccLie6lYEKyYSfk8tyPAR8NVgJMvtWHw1QgHpA:NLie6lYEKyYSfkwNY+MvtuWQgG

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

1020 icacls.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

java.exe

pid process

3052 java.exe
3052 java.exe

pid	process
1020	icacls.exe

pid	process
3052	java.exe
3052	java.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

java.exe

description	pid	process	target process
PID 3052 wrote to memory of 1020	3052	java.exe	icacls.exe
PID 3052 wrote to memory of 1020	3052	java.exe	icacls.exe
PID 3052 wrote to memory of 4056	3052	java.exe	java.exe
PID 3052 wrote to memory of 4056	3052	java.exe	java.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Burpy\loader.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:1020

C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java.exe" -version
2⤵
PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
7e8a75945aba4c95ee0c90d28b2cd4eb

SHA1
4f42ed1da1e71984ab5374146bedb54fa2bd6147

SHA256
2777f45af8a3b28b58d18345fe347210f1fa1cf8a8fca3515aefb7ca9f85bd6f

SHA512
30fb3d5c60b38c49d3ff62c18de70bfa2d8d3dc446309da47ba7332d2eaaccac05f25933e73a6bdfba8ef668373451c09cc5493ab46c4a1dccb8e1bc49fe432c

Download Submit
memory/3052-63-0x00000205435E0000-0x00000205435F0000-memory.dmp

Filesize
64KB

Download
memory/3052-101-0x00000205435C0000-0x00000205435D0000-memory.dmp

Filesize
64KB

Download
memory/3052-18-0x0000020543530000-0x0000020543540000-memory.dmp

Filesize
64KB

Download
memory/3052-23-0x0000020543550000-0x0000020543560000-memory.dmp

Filesize
64KB

Download
memory/3052-22-0x0000020543540000-0x0000020543550000-memory.dmp

Filesize
64KB

Download
memory/3052-24-0x0000020543560000-0x0000020543570000-memory.dmp

Filesize
64KB

Download
memory/3052-59-0x0000020543520000-0x0000020543530000-memory.dmp

Filesize
64KB

Download
memory/3052-29-0x0000020543580000-0x0000020543590000-memory.dmp

Filesize
64KB

Download
memory/3052-30-0x0000020543590000-0x00000205435A0000-memory.dmp

Filesize
64KB

Download
memory/3052-32-0x00000205435A0000-0x00000205435B0000-memory.dmp

Filesize
64KB

Download
memory/3052-36-0x00000205435B0000-0x00000205435C0000-memory.dmp

Filesize
64KB

Download
memory/3052-106-0x0000020543610000-0x0000020543620000-memory.dmp

Filesize
64KB

Download
memory/3052-105-0x0000020543600000-0x0000020543610000-memory.dmp

Filesize
64KB

Download
memory/3052-104-0x00000205435F0000-0x0000020543600000-memory.dmp

Filesize
64KB

Download
memory/3052-53-0x0000020541AA0000-0x0000020541AA1000-memory.dmp

Filesize
4KB

Download
memory/3052-57-0x00000205435C0000-0x00000205435D0000-memory.dmp

Filesize
64KB

Download
memory/3052-56-0x00000205432B0000-0x0000020543520000-memory.dmp

Filesize
2.4MB

Download
memory/3052-62-0x0000020543530000-0x0000020543540000-memory.dmp

Filesize
64KB

Download
memory/3052-27-0x0000020543570000-0x0000020543580000-memory.dmp

Filesize
64KB

Download
memory/3052-16-0x0000020543520000-0x0000020543530000-memory.dmp

Filesize
64KB

Download
memory/3052-60-0x00000205435D0000-0x00000205435E0000-memory.dmp

Filesize
64KB

Download
memory/3052-69-0x0000020543560000-0x0000020543570000-memory.dmp

Filesize
64KB

Download
memory/3052-70-0x0000020543600000-0x0000020543610000-memory.dmp

Filesize
64KB

Download
memory/3052-68-0x00000205435F0000-0x0000020543600000-memory.dmp

Filesize
64KB

Download
memory/3052-66-0x0000020543540000-0x0000020543550000-memory.dmp

Filesize
64KB

Download
memory/3052-67-0x0000020543550000-0x0000020543560000-memory.dmp

Filesize
64KB

Download
memory/3052-72-0x0000020543570000-0x0000020543580000-memory.dmp

Filesize
64KB

Download
memory/3052-73-0x0000020543610000-0x0000020543620000-memory.dmp

Filesize
64KB

Download
memory/3052-79-0x0000020541AA0000-0x0000020541AA1000-memory.dmp

Filesize
4KB

Download
memory/3052-95-0x0000020541AA0000-0x0000020541AA1000-memory.dmp

Filesize
4KB

Download
memory/3052-96-0x0000020543580000-0x0000020543590000-memory.dmp

Filesize
64KB

Download
memory/3052-97-0x0000020543590000-0x00000205435A0000-memory.dmp

Filesize
64KB

Download
memory/3052-99-0x00000205435A0000-0x00000205435B0000-memory.dmp

Filesize
64KB

Download
memory/3052-100-0x00000205435B0000-0x00000205435C0000-memory.dmp

Filesize
64KB

Download
memory/3052-2-0x00000205432B0000-0x0000020543520000-memory.dmp

Filesize
2.4MB

Download
memory/3052-102-0x00000205435D0000-0x00000205435E0000-memory.dmp

Filesize
64KB

Download
memory/3052-103-0x00000205435E0000-0x00000205435F0000-memory.dmp

Filesize
64KB

Download
memory/4056-52-0x0000013269110000-0x0000013269380000-memory.dmp

Filesize
2.4MB

Download
memory/4056-51-0x0000013267AD0000-0x0000013267AD1000-memory.dmp

Filesize
4KB

Download
memory/4056-41-0x0000013269110000-0x0000013269380000-memory.dmp

Filesize
2.4MB

Download