8a516f2df2e8f496a4bf7866036797959e63bbb6658e1f82b671b85227afecb5

Resubmissions

05-06-2021 18:38

05-06-2021 18:30

Target

Grossly Minecraft 1..exe
Size

8.4MB
MD5

7c6c6b9e9111447af1236378c02566c2
SHA1

21340606037756badc4332a8217545dd47e9f24b
SHA256

8a516f2df2e8f496a4bf7866036797959e63bbb6658e1f82b671b85227afecb5
SHA512

2a64e4d159cfc1748eb4768d6072df5c6014a01c81681d26aa35ec9ec1e9346fd3961f51d3db5ff424120ee01486b7f92685d0ec8e935488f2b82cd2b40a2745

Score

4^/10

Drops file in Program Files directory 12 IoCs

Processes:

javaw.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

Grossly Minecraft 1..exe

description	pid	process	target process
PID 2192 wrote to memory of 1416	2192	Grossly Minecraft 1..exe	javaw.exe
PID 2192 wrote to memory of 1416	2192	Grossly Minecraft 1..exe	javaw.exe

C:\Users\Admin\AppData\Local\Temp\Grossly Minecraft 1..exe
"C:\Users\Admin\AppData\Local\Temp\Grossly Minecraft 1..exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2192

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\AppData\Local\Temp\Grossly Minecraft 1..exe" org.develnext.jphp.ext.javafx.FXLauncher
2⤵
- Drops file in Program Files directory
PID:1416

memory/1416-114-0x0000000000000000-mapping.dmp

Download
memory/1416-115-0x0000000003150000-0x00000000033C0000-memory.dmp

Filesize
2.4MB

Download
memory/1416-116-0x00000000014D0000-0x00000000014D1000-memory.dmp

Filesize
4KB

Download
memory/1416-120-0x00000000033C0000-0x00000000033D0000-memory.dmp

Filesize
64KB

Download
memory/1416-121-0x00000000033D0000-0x00000000033E0000-memory.dmp

Filesize
64KB

Download
memory/1416-124-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/1416-126-0x00000000033F0000-0x0000000003400000-memory.dmp

Filesize
64KB

Download
memory/1416-128-0x0000000003400000-0x0000000003410000-memory.dmp

Filesize
64KB

Download
memory/1416-127-0x0000000003430000-0x0000000003440000-memory.dmp

Filesize
64KB

Download
memory/1416-129-0x0000000003410000-0x0000000003420000-memory.dmp

Filesize
64KB

Download
memory/1416-130-0x0000000003420000-0x0000000003430000-memory.dmp

Filesize
64KB

Download
memory/1416-131-0x0000000003440000-0x0000000003450000-memory.dmp

Filesize
64KB

Download