Analysis
- max time kernel: 24s
- max time network: 144s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 05-06-2021 18:30
Static task: static1

Behavioral task: behavioral1
- Sample: Grossly Minecraft 1..exe
- Resource: win7v20210408 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: Grossly Minecraft 1..exe
- Resource: win10v20210410 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: Grossly Minecraft 1..exe
- Size: 8.4MB
- MD5: 7c6c6b9e9111447af1236378c02566c2
- SHA1: 21340606037756badc4332a8217545dd47e9f24b
- SHA256: 8a516f2df2e8f496a4bf7866036797959e63bbb6658e1f82b671b85227afecb5
- SHA512: 2a64e4d159cfc1748eb4768d6072df5c6014a01c81681d26aa35ec9ec1e9346fd3961f51d3db5ff424120ee01486b7f92685d0ec8e935488f2b82cd2b40a2745
- Score: 4/10
Malware Config
Signatures

Drops file in Program Files directory (12 IoCs)
Processes: javaw.exe
Description / IoC / Process:
- File opened for modification: C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb (javaw.exe)
- File opened for modification: C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb (javaw.exe)
- File opened for modification: C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb (javaw.exe)
- File opened for modification: C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb (javaw.exe)
- File opened for modification: C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb (javaw.exe)
- File opened for modification: C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb (javaw.exe)
- File opened for modification: C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb (javaw.exe)
- File opened for modification: C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb (javaw.exe)
- File opened for modification: C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb (javaw.exe)
- File opened for modification: C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb (javaw.exe)
- File opened for modification: C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb (javaw.exe)
- File opened for modification: C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb (javaw.exe)

Suspicious use of WriteProcessMemory (2 IoCs)
Processes: Grossly Minecraft 1..exe
Description / PID / Process / Target process:
- PID 2192 wrote to memory of 1416: 2192 Grossly Minecraft 1..exe -> javaw.exe
- PID 2192 wrote to memory of 1416: 2192 Grossly Minecraft 1..exe -> javaw.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\Grossly Minecraft 1..exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Grossly Minecraft 1..exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      Command line: "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\AppData\Local\Temp\Grossly Minecraft 1..exe" org.develnext.jphp.ext.javafx.FXLauncher
      - Drops file in Program Files directory
Network
MITRE ATT&CK Matrix
Downloads
- memory/1416-114-0x0000000000000000-mapping.dmp
- memory/1416-115-0x0000000003150000-0x00000000033C0000-memory.dmp (Filesize: 2.4MB)
- memory/1416-116-0x00000000014D0000-0x00000000014D1000-memory.dmp (Filesize: 4KB)
- memory/1416-120-0x00000000033C0000-0x00000000033D0000-memory.dmp (Filesize: 64KB)
- memory/1416-121-0x00000000033D0000-0x00000000033E0000-memory.dmp (Filesize: 64KB)
- memory/1416-124-0x00000000033E0000-0x00000000033F0000-memory.dmp (Filesize: 64KB)
- memory/1416-126-0x00000000033F0000-0x0000000003400000-memory.dmp (Filesize: 64KB)
- memory/1416-128-0x0000000003400000-0x0000000003410000-memory.dmp (Filesize: 64KB)
- memory/1416-127-0x0000000003430000-0x0000000003440000-memory.dmp (Filesize: 64KB)
- memory/1416-129-0x0000000003410000-0x0000000003420000-memory.dmp (Filesize: 64KB)
- memory/1416-130-0x0000000003420000-0x0000000003430000-memory.dmp (Filesize: 64KB)
- memory/1416-131-0x0000000003440000-0x0000000003450000-memory.dmp (Filesize: 64KB)