359ac7b1e8531ed6ce9f9a8e8cd8932f7a4fca0fc149008d702e395208c98cec

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bin/UbuilderB.exe
Size

3.6MB
MD5

f474baf2f922f8485752170cc261a72b
SHA1

7e447654e04a91a578a22da5f95d0827e543740e
SHA256

2f9a39635d6a379577b073945477609c3ab3656c4adc54a0d7cce23c4432c04f
SHA512

5bf9f3ddf527ebe14c610be6e6d525917f8fd7cbc697d1d308044a06ee7587977737c88d8ffc83508d1e8714efb761c05d38ef16037bd63862c419174c3cdd33
SSDEEP

98304:D3yMS4vp4iKTBrHJWGs2NyqeoNE/7SRYY6:Dp4iKTVHJack+s

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

940 icacls.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

javaw.exe

pid process

1008 javaw.exe
1008 javaw.exe

pid	process
940	icacls.exe

pid	process
1008	javaw.exe
1008	javaw.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

UbuilderB.exejavaw.exe

description	pid	process	target process
PID 4420 wrote to memory of 1008	4420	UbuilderB.exe	javaw.exe
PID 4420 wrote to memory of 1008	4420	UbuilderB.exe	javaw.exe
PID 1008 wrote to memory of 940	1008	javaw.exe	icacls.exe
PID 1008 wrote to memory of 940	1008	javaw.exe	icacls.exe

C:\Users\Admin\AppData\Local\Temp\bin\UbuilderB.exe
"C:\Users\Admin\AppData\Local\Temp\bin\UbuilderB.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4420

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\AppData\Local\Temp\bin\UbuilderB.exe" org.develnext.jphp.ext.javafx.FXLauncher
2⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1008

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
3⤵
- Modifies file permissions
PID:940

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
31b1e09786e3a37760d4ad65c48e097a

SHA1
2dbf79fa71ce91cce32d16cb7eda052a82844309

SHA256
a0efff66eba6c4edc9c69977eb60966a19545c52bbdebeb04c8814f3e1ab89b7

SHA512
08a7eb228b0e918158ecdc266d865584a7bd0f5602897f8695aadee223dfb7cfe42fb39237c9503b92949e025c2c962925d2319f848aa023d74f02c9cfad221f

Download Submit
memory/1008-3-0x000001C9D37E0000-0x000001C9D3A50000-memory.dmp

Filesize
2.4MB

Download
memory/1008-13-0x000001C9D1F00000-0x000001C9D1F01000-memory.dmp

Filesize
4KB

Download
memory/1008-15-0x000001C9D3A50000-0x000001C9D3A60000-memory.dmp

Filesize
64KB

Download
memory/1008-17-0x000001C9D3A60000-0x000001C9D3A70000-memory.dmp

Filesize
64KB

Download
memory/1008-19-0x000001C9D3A70000-0x000001C9D3A80000-memory.dmp

Filesize
64KB

Download
memory/1008-22-0x000001C9D3A80000-0x000001C9D3A90000-memory.dmp

Filesize
64KB

Download
memory/1008-27-0x000001C9D3A90000-0x000001C9D3AA0000-memory.dmp

Filesize
64KB

Download
memory/1008-31-0x000001C9D3AB0000-0x000001C9D3AC0000-memory.dmp

Filesize
64KB

Download
memory/1008-33-0x000001C9D3AC0000-0x000001C9D3AD0000-memory.dmp

Filesize
64KB

Download
memory/1008-37-0x000001C9D3AD0000-0x000001C9D3AE0000-memory.dmp

Filesize
64KB

Download
memory/1008-46-0x000001C9D3B10000-0x000001C9D3B20000-memory.dmp

Filesize
64KB

Download
memory/1008-49-0x000001C9D3B20000-0x000001C9D3B30000-memory.dmp

Filesize
64KB

Download
memory/1008-48-0x000001C9D3A60000-0x000001C9D3A70000-memory.dmp

Filesize
64KB

Download
memory/1008-53-0x000001C9D3B30000-0x000001C9D3B40000-memory.dmp

Filesize
64KB

Download
memory/1008-52-0x000001C9D3A70000-0x000001C9D3A80000-memory.dmp

Filesize
64KB

Download
memory/1008-58-0x000001C9D3B40000-0x000001C9D3B50000-memory.dmp

Filesize
64KB

Download
memory/1008-62-0x000001C9D3B50000-0x000001C9D3B60000-memory.dmp

Filesize
64KB

Download
memory/1008-61-0x000001C9D3A90000-0x000001C9D3AA0000-memory.dmp

Filesize
64KB

Download
memory/1008-65-0x000001C9D3AA0000-0x000001C9D3AB0000-memory.dmp

Filesize
64KB

Download
memory/1008-66-0x000001C9D3B60000-0x000001C9D3B70000-memory.dmp

Filesize
64KB

Download
memory/1008-57-0x000001C9D3A80000-0x000001C9D3A90000-memory.dmp

Filesize
64KB

Download
memory/1008-74-0x000001C9D3B90000-0x000001C9D3BA0000-memory.dmp

Filesize
64KB

Download
memory/1008-79-0x000001C9D3BA0000-0x000001C9D3BB0000-memory.dmp

Filesize
64KB

Download
memory/1008-83-0x000001C9D3BB0000-0x000001C9D3BC0000-memory.dmp

Filesize
64KB

Download
memory/1008-85-0x000001C9D3BC0000-0x000001C9D3BD0000-memory.dmp

Filesize
64KB

Download
memory/1008-93-0x000001C9D3BF0000-0x000001C9D3C00000-memory.dmp

Filesize
64KB

Download
memory/1008-92-0x000001C9D3B30000-0x000001C9D3B40000-memory.dmp

Filesize
64KB

Download
memory/1008-96-0x000001C9D3C00000-0x000001C9D3C10000-memory.dmp

Filesize
64KB

Download
memory/1008-102-0x000001C9D3C20000-0x000001C9D3C30000-memory.dmp

Filesize
64KB

Download
memory/1008-111-0x000001C9D1F00000-0x000001C9D1F01000-memory.dmp

Filesize
4KB

Download
memory/1008-119-0x000001C9D3C80000-0x000001C9D3C90000-memory.dmp

Filesize
64KB

Download
memory/1008-126-0x000001C9D3CA0000-0x000001C9D3CB0000-memory.dmp

Filesize
64KB

Download
memory/1008-125-0x000001C9D3BE0000-0x000001C9D3BF0000-memory.dmp

Filesize
64KB

Download
memory/1008-131-0x000001C9D3CB0000-0x000001C9D3CC0000-memory.dmp

Filesize
64KB

Download
memory/1008-141-0x000001C9D3CF0000-0x000001C9D3D00000-memory.dmp

Filesize
64KB

Download
memory/1008-140-0x000001C9D3CE0000-0x000001C9D3CF0000-memory.dmp

Filesize
64KB

Download
memory/1008-139-0x000001C9D3C10000-0x000001C9D3C20000-memory.dmp

Filesize
64KB

Download
memory/1008-138-0x000001C9D3C00000-0x000001C9D3C10000-memory.dmp

Filesize
64KB

Download
memory/1008-149-0x000001C9D3CD0000-0x000001C9D3CE0000-memory.dmp

Filesize
64KB

Download
memory/1008-153-0x000001C9D3D10000-0x000001C9D3D20000-memory.dmp

Filesize
64KB

Download
memory/1008-152-0x000001C9D3C50000-0x000001C9D3C60000-memory.dmp

Filesize
64KB

Download
memory/1008-156-0x000001C9D3D20000-0x000001C9D3D30000-memory.dmp

Filesize
64KB

Download
memory/1008-155-0x000001C9D3C60000-0x000001C9D3C70000-memory.dmp

Filesize
64KB

Download
memory/1008-168-0x000001C9D3D60000-0x000001C9D3D70000-memory.dmp

Filesize
64KB

Download
memory/1008-173-0x000001C9D3D70000-0x000001C9D3D80000-memory.dmp

Filesize
64KB

Download
memory/1008-172-0x000001C9D3CB0000-0x000001C9D3CC0000-memory.dmp

Filesize
64KB

Download
memory/1008-170-0x000001C9D1F00000-0x000001C9D1F01000-memory.dmp

Filesize
4KB

Download
memory/1008-167-0x000001C9D3CA0000-0x000001C9D3CB0000-memory.dmp

Filesize
64KB

Download
memory/1008-179-0x000001C9D3D90000-0x000001C9D3DA0000-memory.dmp

Filesize
64KB

Download
memory/1008-182-0x000001C9D3CE0000-0x000001C9D3CF0000-memory.dmp

Filesize
64KB

Download
memory/1008-178-0x000001C9D3D80000-0x000001C9D3D90000-memory.dmp

Filesize
64KB

Download
memory/1008-177-0x000001C9D3CC0000-0x000001C9D3CD0000-memory.dmp

Filesize
64KB

Download
memory/1008-203-0x000001C9D1F00000-0x000001C9D1F01000-memory.dmp

Filesize
4KB

Download
memory/1008-166-0x000001C9D3D50000-0x000001C9D3D60000-memory.dmp

Filesize
64KB

Download
memory/1008-165-0x000001C9D3C90000-0x000001C9D3CA0000-memory.dmp

Filesize
64KB

Download
memory/1008-162-0x000001C9D3D40000-0x000001C9D3D50000-memory.dmp

Filesize
64KB

Download
memory/1008-161-0x000001C9D3D30000-0x000001C9D3D40000-memory.dmp

Filesize
64KB

Download
memory/1008-160-0x000001C9D3C80000-0x000001C9D3C90000-memory.dmp

Filesize
64KB

Download
memory/1008-159-0x000001C9D3C70000-0x000001C9D3C80000-memory.dmp

Filesize
64KB

Download
memory/1008-151-0x000001C9D3C40000-0x000001C9D3C50000-memory.dmp

Filesize
64KB

Download
memory/1008-150-0x000001C9D3C30000-0x000001C9D3C40000-memory.dmp

Filesize
64KB

Download
memory/1008-148-0x000001C9D3C20000-0x000001C9D3C30000-memory.dmp

Filesize
64KB

Download
memory/1008-143-0x000001C9D3D00000-0x000001C9D3D10000-memory.dmp

Filesize
64KB

Download
memory/1008-136-0x000001C9D3CC0000-0x000001C9D3CD0000-memory.dmp

Filesize
64KB

Download
memory/1008-135-0x000001C9D3BF0000-0x000001C9D3C00000-memory.dmp

Filesize
64KB

Download
memory/1008-130-0x000001C9D3BD0000-0x000001C9D3BE0000-memory.dmp

Filesize
64KB

Download
memory/1008-124-0x000001C9D3BC0000-0x000001C9D3BD0000-memory.dmp

Filesize
64KB

Download
memory/1008-122-0x000001C9D3C90000-0x000001C9D3CA0000-memory.dmp

Filesize
64KB

Download
memory/1008-121-0x000001C9D3BB0000-0x000001C9D3BC0000-memory.dmp

Filesize
64KB

Download
memory/1008-118-0x000001C9D3C70000-0x000001C9D3C80000-memory.dmp

Filesize
64KB

Download
memory/1008-117-0x000001C9D3BA0000-0x000001C9D3BB0000-memory.dmp

Filesize
64KB

Download
memory/1008-115-0x000001C9D3C60000-0x000001C9D3C70000-memory.dmp

Filesize
64KB

Download
memory/1008-114-0x000001C9D3B90000-0x000001C9D3BA0000-memory.dmp

Filesize
64KB

Download
memory/1008-110-0x000001C9D3C50000-0x000001C9D3C60000-memory.dmp

Filesize
64KB

Download
memory/1008-109-0x000001C9D3C40000-0x000001C9D3C50000-memory.dmp

Filesize
64KB

Download
memory/1008-107-0x000001C9D3B80000-0x000001C9D3B90000-memory.dmp

Filesize
64KB

Download
memory/1008-108-0x000001C9D3C30000-0x000001C9D3C40000-memory.dmp

Filesize
64KB

Download
memory/1008-106-0x000001C9D3B70000-0x000001C9D3B80000-memory.dmp

Filesize
64KB

Download
memory/1008-101-0x000001C9D3B60000-0x000001C9D3B70000-memory.dmp

Filesize
64KB

Download
memory/1008-100-0x000001C9D3C10000-0x000001C9D3C20000-memory.dmp

Filesize
64KB

Download
memory/1008-272-0x000001C9D1F00000-0x000001C9D1F01000-memory.dmp

Filesize
4KB

Download
memory/1008-99-0x000001C9D3B50000-0x000001C9D3B60000-memory.dmp

Filesize
64KB

Download
memory/1008-95-0x000001C9D3B40000-0x000001C9D3B50000-memory.dmp

Filesize
64KB

Download
memory/1008-91-0x000001C9D3BE0000-0x000001C9D3BF0000-memory.dmp

Filesize
64KB

Download
memory/1008-90-0x000001C9D3BD0000-0x000001C9D3BE0000-memory.dmp

Filesize
64KB

Download
memory/1008-89-0x000001C9D3B20000-0x000001C9D3B30000-memory.dmp

Filesize
64KB

Download
memory/1008-84-0x000001C9D3B10000-0x000001C9D3B20000-memory.dmp

Filesize
64KB

Download
memory/1008-82-0x000001C9D3AF0000-0x000001C9D3B00000-memory.dmp

Filesize
64KB

Download
memory/1008-81-0x000001C9D3AE0000-0x000001C9D3AF0000-memory.dmp

Filesize
64KB

Download
memory/1008-77-0x000001C9D3B00000-0x000001C9D3B10000-memory.dmp

Filesize
64KB

Download
memory/1008-76-0x000001C9D3AD0000-0x000001C9D3AE0000-memory.dmp

Filesize
64KB

Download
memory/1008-73-0x000001C9D3AC0000-0x000001C9D3AD0000-memory.dmp

Filesize
64KB

Download
memory/1008-71-0x000001C9D3B80000-0x000001C9D3B90000-memory.dmp

Filesize
64KB

Download
memory/1008-70-0x000001C9D3B70000-0x000001C9D3B80000-memory.dmp

Filesize
64KB

Download
memory/1008-69-0x000001C9D3AB0000-0x000001C9D3AC0000-memory.dmp

Filesize
64KB

Download
memory/1008-45-0x000001C9D3A50000-0x000001C9D3A60000-memory.dmp

Filesize
64KB

Download
memory/1008-44-0x000001C9D1F00000-0x000001C9D1F01000-memory.dmp

Filesize
4KB

Download
memory/1008-42-0x000001C9D3AF0000-0x000001C9D3B00000-memory.dmp

Filesize
64KB

Download
memory/1008-41-0x000001C9D3AE0000-0x000001C9D3AF0000-memory.dmp

Filesize
64KB

Download
memory/1008-40-0x000001C9D3B00000-0x000001C9D3B10000-memory.dmp

Filesize
64KB

Download
memory/1008-39-0x000001C9D37E0000-0x000001C9D3A50000-memory.dmp

Filesize
2.4MB

Download
memory/1008-29-0x000001C9D3AA0000-0x000001C9D3AB0000-memory.dmp

Filesize
64KB

Download
memory/4420-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download