52cd65f3b16c2070d34e26f5794b0b024c8a607b7d03e6cd82a439027eae525a

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Burpy-main/loader.jar
Size

29KB
MD5

56a0eef3a96bf373db1298bc6cb63158
SHA1

f9fb9175a901f4fede20b9d61eb4fadafdd1feea
SHA256

1e288c686963eafc34411d4f94265eb1809492ab57a474848669eb3285a2afb3
SHA512

d6165e567c80cd04c2506f285d48fb3e2dd6d46e4eda3b9bf76c2ea585ac446807ccabc02c4f8a6bede36a8ac1d1737eab3840cfdc703123daeccd526593f492
SSDEEP

768:ccLie6lYEKyYSfk8tyPAR8NVgJMvtWHw1QgHpA:NLie6lYEKyYSfkwNY+MvtuWQgG

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4520 icacls.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

java.exe

pid process

4132 java.exe
4132 java.exe

pid	process
4520	icacls.exe

pid	process
4132	java.exe
4132	java.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

java.exe

description	pid	process	target process
PID 4132 wrote to memory of 4520	4132	java.exe	icacls.exe
PID 4132 wrote to memory of 4520	4132	java.exe	icacls.exe
PID 4132 wrote to memory of 2332	4132	java.exe	java.exe
PID 4132 wrote to memory of 2332	4132	java.exe	java.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\loader.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4132

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:4520

C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java.exe" -version
2⤵
PID:2332

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
5ba0476865bd18d9e31dfcc464639b98

SHA1
639c4d2c23d69213005c7a6434db551f19f62c14

SHA256
9df8fc973c3858334e566994eefa288bb9728c2636dce0fa4e14aa35d052596b

SHA512
96fd637479bd391d555497d7317fb4fad177e5374acf2da32398f231db50d52b09ccfb5297793edc8a28628e256577e25afcf52f464677cc214020c26982e016

Download Submit
memory/2332-41-0x000001AA09B60000-0x000001AA09DD0000-memory.dmp

Filesize
2.4MB

Download
memory/2332-53-0x000001AA09B60000-0x000001AA09DD0000-memory.dmp

Filesize
2.4MB

Download
memory/2332-51-0x000001AA082F0000-0x000001AA082F1000-memory.dmp

Filesize
4KB

Download
memory/4132-63-0x000002363ABE0000-0x000002363ABF0000-memory.dmp

Filesize
64KB

Download
memory/4132-19-0x000002363ABE0000-0x000002363ABF0000-memory.dmp

Filesize
64KB

Download
memory/4132-71-0x000002363ACB0000-0x000002363ACC0000-memory.dmp

Filesize
64KB

Download
memory/4132-26-0x000002363AC20000-0x000002363AC30000-memory.dmp

Filesize
64KB

Download
memory/4132-31-0x000002363AC40000-0x000002363AC50000-memory.dmp

Filesize
64KB

Download
memory/4132-30-0x000002363AC30000-0x000002363AC40000-memory.dmp

Filesize
64KB

Download
memory/4132-34-0x000002363AC50000-0x000002363AC60000-memory.dmp

Filesize
64KB

Download
memory/4132-70-0x000002363AC10000-0x000002363AC20000-memory.dmp

Filesize
64KB

Download
memory/4132-43-0x00000236390F0000-0x00000236390F1000-memory.dmp

Filesize
4KB

Download
memory/4132-20-0x000002363ABF0000-0x000002363AC00000-memory.dmp

Filesize
64KB

Download
memory/4132-52-0x000002363AC60000-0x000002363AC70000-memory.dmp

Filesize
64KB

Download
memory/4132-17-0x000002363ABD0000-0x000002363ABE0000-memory.dmp

Filesize
64KB

Download
memory/4132-68-0x000002363ACA0000-0x000002363ACB0000-memory.dmp

Filesize
64KB

Download
memory/4132-57-0x000002363A960000-0x000002363ABD0000-memory.dmp

Filesize
2.4MB

Download
memory/4132-61-0x000002363AC80000-0x000002363AC90000-memory.dmp

Filesize
64KB

Download
memory/4132-60-0x000002363ABD0000-0x000002363ABE0000-memory.dmp

Filesize
64KB

Download
memory/4132-65-0x000002363AC90000-0x000002363ACA0000-memory.dmp

Filesize
64KB

Download
memory/4132-64-0x000002363ABF0000-0x000002363AC00000-memory.dmp

Filesize
64KB

Download
memory/4132-2-0x000002363A960000-0x000002363ABD0000-memory.dmp

Filesize
2.4MB

Download
memory/4132-67-0x000002363AC00000-0x000002363AC10000-memory.dmp

Filesize
64KB

Download
memory/4132-58-0x000002363AC70000-0x000002363AC80000-memory.dmp

Filesize
64KB

Download
memory/4132-22-0x000002363AC00000-0x000002363AC10000-memory.dmp

Filesize
64KB

Download
memory/4132-25-0x000002363AC10000-0x000002363AC20000-memory.dmp

Filesize
64KB

Download
memory/4132-75-0x000002363ACC0000-0x000002363ACD0000-memory.dmp

Filesize
64KB

Download
memory/4132-74-0x000002363AC20000-0x000002363AC30000-memory.dmp

Filesize
64KB

Download
memory/4132-78-0x000002363AC30000-0x000002363AC40000-memory.dmp

Filesize
64KB

Download
memory/4132-83-0x000002363AC50000-0x000002363AC60000-memory.dmp

Filesize
64KB

Download
memory/4132-82-0x000002363ACE0000-0x000002363ACF0000-memory.dmp

Filesize
64KB

Download
memory/4132-81-0x000002363ACD0000-0x000002363ACE0000-memory.dmp

Filesize
64KB

Download
memory/4132-80-0x000002363AC40000-0x000002363AC50000-memory.dmp

Filesize
64KB

Download
memory/4132-84-0x00000236390F0000-0x00000236390F1000-memory.dmp

Filesize
4KB

Download
memory/4132-86-0x000002363ACF0000-0x000002363AD00000-memory.dmp

Filesize
64KB

Download
memory/4132-88-0x000002363AC60000-0x000002363AC70000-memory.dmp

Filesize
64KB

Download
memory/4132-90-0x000002363AC70000-0x000002363AC80000-memory.dmp

Filesize
64KB

Download
memory/4132-91-0x000002363AC80000-0x000002363AC90000-memory.dmp

Filesize
64KB

Download
memory/4132-92-0x000002363AC90000-0x000002363ACA0000-memory.dmp

Filesize
64KB

Download
memory/4132-94-0x000002363ACA0000-0x000002363ACB0000-memory.dmp

Filesize
64KB

Download
memory/4132-96-0x000002363ACB0000-0x000002363ACC0000-memory.dmp

Filesize
64KB

Download
memory/4132-97-0x000002363ACC0000-0x000002363ACD0000-memory.dmp

Filesize
64KB

Download
memory/4132-98-0x000002363ACD0000-0x000002363ACE0000-memory.dmp

Filesize
64KB

Download
memory/4132-99-0x000002363ACE0000-0x000002363ACF0000-memory.dmp

Filesize
64KB

Download
memory/4132-100-0x000002363ACF0000-0x000002363AD00000-memory.dmp

Filesize
64KB

Download