Analysis
- max time kernel: 452s
- max time network: 521s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 20-06-2021 23:04

Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: ProstoLauncher.exe
  Resource: win7v20210410
- Behavioral task: behavioral2
  Sample: ProstoLauncher.exe
  Resource: win10v20210408
General
- Target: ProstoLauncher.exe
- Size: 157KB
- MD5: 7410df6db7dd9dfc0c4103efa8d13fc9
- SHA1: ea2f19e981509d96ec2c775af8a1d158e79bfca4
- SHA256: e1cdac7f4cf342ffde7d1f1fd9ea4788166bc4f9bfe3706ba5ab71af38682f33
- SHA512: 841809c71e617f90538893652174960efa67662b5d72d6d33bf131804140a2c57b51be2b25f865d33410cc419715a7d6a597ad1e16b05c85a44a447d9642191a
Malware Config
Signatures
- Detected phishing page
- Downloads MZ/PE file
- Executes dropped EXE (1 IoCs)
  Processes:
    pid: 1732; process: javaw.exe
- Loads dropped DLL (9 IoCs)
  Processes:
    pid: 1732; process: javaw.exe (9 events)
- Drops desktop.ini file(s) (1 IoCs)
  Processes:
    description: File created; ioc: C:\Users\Admin\.prostocraft\client\prostocraft\assets\minecraft\font\desktop.ini; process: ProstoLauncher.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
    description: Token: SeDebugPrivilege; pid: 3128; process: ProstoLauncher.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes:
    description: PID 3128 wrote to memory of 1732; pid: 3128; process: ProstoLauncher.exe; target process: javaw.exe
    description: PID 3128 wrote to memory of 1732; pid: 3128; process: ProstoLauncher.exe; target process: javaw.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\ProstoLauncher.exe (pid 3128)
  Command line: "C:\Users\Admin\AppData\Local\Temp\ProstoLauncher.exe"
  - Drops desktop.ini file(s)
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\.prostocraft\jre_launcher\bin\javaw.exe (pid 1732, child process)
    Command line: "C:\Users\Admin\.prostocraft\jre_launcher\bin\javaw.exe" -Xmx256M -XX:+DisableAttachMechanism -DdisableOldUpdateSystem=true -jar "C:\Users\Admin\.prostocraft\launcher.jar"
    - Executes dropped EXE
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\.prostocraft\jre_launcher\bin\java.dll
  MD5: 3f31721d9d07e16703822163852ad595
  SHA1: eb4fbcaa5a15aa5809c32abec87d9ed6b0d1959b
  SHA256: f8620213358c4e63e8c04e095db383f8f39170a9360dd33dbd600ea750a00efc
  SHA512: 57fda13b745a0b91cf7bcf171f8de7a3537c45d16fbe59c4659502ba69efc6aec786edb0839195c240ca4dc1407138a92e8969410c59e88b0eaf77b4820f2199
- C:\Users\Admin\.prostocraft\jre_launcher\bin\javaw.exe
  MD5: a7e2be2458fc570315febd27f44bf01e
  SHA1: 2276d27477ea32a5cf6cbf37bd73b961c2ca791a
  SHA256: f1092d1203289bc6c0f05982d3ccd741075eedcd1d3022affb735b4eb0b62b19
  SHA512: 96f8b285748951679083528f164f3e713c16fb10fe4342674287d963340313577f4cd85e5db6f06037e595492133b9d71ef420aa70fa67786b5b184b502d181a
- C:\Users\Admin\.prostocraft\jre_launcher\bin\management.dll
  MD5: 104c87698afab216ba46a12d3249fdd2
  SHA1: f5866a5abe8246261d304a99e88a049a9f733c6f
  SHA256: 334002d1fd15a0bc3b364da760c21f5b37e7577843fe741483b007d750e47037
  SHA512: 6429a5ecc59c7e6e8c43f566873f76d226e1228d75ab8eb3f00f44dcc0e0e9fe2bf79216138381b2f62b8256ec08e96b74ca145a76e1a534e53f681bb3cdf11f
- C:\Users\Admin\.prostocraft\jre_launcher\bin\msvcr100.dll
  MD5: 366fd6f3a451351b5df2d7c4ecf4c73a
  SHA1: 50db750522b9630757f91b53df377fd4ed4e2d66
  SHA256: ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5
  SHA512: 2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130
- C:\Users\Admin\.prostocraft\jre_launcher\bin\net.dll
  MD5: cb8432a2d628e71cbc64cdf482acebc9
  SHA1: 3a4e39e7f7fbb4035e7dc84647daec8df1b0c5a0
  SHA256: fa86cfe0062b72f3ce803fde6132b8ab2f976a0bf988398e748c376bba178af0
  SHA512: 72173b3d64cc529bbbdd17f56bd08648c732158ed11ad685d01fe5e306900046e562e1c5e187c8c586b6d481401717f2bb3d8b4f7d153fc035b2e5d67ef77e21
- C:\Users\Admin\.prostocraft\jre_launcher\bin\nio.dll
  MD5: 087ebc333bed4c5098bdc791bb3268b1
  SHA1: bf05182a4df4d51b1b1128f87874d997c1cf8be0
  SHA256: 765a2f4c750b53627f0549641cb998e01ccfa56c40e9d847825d7982e5a0318b
  SHA512: 7ee2d1c095afb12d638069bf6ecac59f79c48d7e06f428bd52fb8c793ddaa9919a99dd53e8c2c495bc372641875f132ccc3e3808e298f910793a789bc829acc6
- C:\Users\Admin\.prostocraft\jre_launcher\bin\server\jvm.dll
  MD5: 5008d1e765a674700b11cd8f2080afa0
  SHA1: 03bc819591f2c9bbc640f74f73d0bb679b232e70
  SHA256: 2337c9c4ab16d8e78dc54f7cde3353e75a18a286283a650d5dd318a2cdcc481a
  SHA512: 34ab0c1153e692fdc9b5e46771d3dd9daf1bacb751c70ae24b9b29426badf1e908202f12d8028b2810596b85b67972666a57c3a710dba3969e8eb6201986c5fa
- C:\Users\Admin\.prostocraft\jre_launcher\bin\sunec.dll
  MD5: 50561e132453081ab3be005bf6796d90
  SHA1: b5462b6855123a525d79331bd25a70cd4f3ce1e4
  SHA256: 55fd9666ca27bcd48b5a86ed39d524a5b677b2e4857f7605bd72b6657c2ce995
  SHA512: 78944d894798de8da9ff21407155378f26462508e441c829dc31e09e3217e4c2f35d255f13b54e439e1ad8e1d798696fe8dbc96483dd3c1e93ecda99bfdf525a
- C:\Users\Admin\.prostocraft\jre_launcher\bin\verify.dll
  MD5: e2e4d70319b2c6f1d0f3518dcdec41f9
  SHA1: c06ad7b35aab3d0e7517e8da6ec771b86864822a
  SHA256: 2d05c3f8ae307ffff9904524af3a2f30b31f973fa68d9ac3dc76f1efbdabe9fd
  SHA512: 53ec25c59d1f686fb9473b3b3cc84ed2d20979f792c36adbb6228579d23a38a2fa1d5186fcbb86aa0567651894eb2ed51f5165d59fab8f6e3f354d137ef06cdd
- C:\Users\Admin\.prostocraft\jre_launcher\bin\zip.dll
  MD5: 607e3117753f1be1d8c6555d8cb7fbd8
  SHA1: 816e6dc9f77b7f04621863e3d8da1fe804822e9c
  SHA256: 89e2a52601cbaaf90f56ca486c05ad38afeb127cf6a039039dcb800f8d9ba5f9
  SHA512: 02272fbbebe3cda6c29fce210561df0001155efba14d28b1b00872ed41b96579eea5676c681a97c0fece001cb791f8ebe4e10af7f4092817ab880cca83a66abc
- C:\Users\Admin\.prostocraft\jre_launcher\lib\amd64\jvm.cfg
  MD5: c60e77ff5f3887c743971e73e6f0e0b1
  SHA1: 9b0cfd38ec5b7bd5bd1c364dee2e1b452a063c02
  SHA256: 23f728cc2bf14e62d454190ea0139f159031b5bd9c3f141ca9237c4c5c96ec1d
  SHA512: 07aca3de1a03a3b64b691fd41e35e6596760baf24c4f24e86fca87d2acf3a4814b17cd9751adc2dcd0689848f3d582fb3ee01d413e3a61d1d98397d72fe545e9
- C:\Users\Admin\.prostocraft\jre_launcher\lib\currency.data
  MD5: 06cbdc01d247d7b365c804c4e9aaefad
  SHA1: 183cb72e7bf7118d870e549e9ca1fc096a2e3107
  SHA256: 183cea6ec937c92c47f2af345fda468cb19c6126dbb1a35b70dd47623efabe2b
  SHA512: 78a768406649b73457796f19f347c407c867c630be77d79997e25ca852e3987c0645fb5affecaaae458b1d6f9dbc6e359f505760652a898d6a1f515034a004c2
- C:\Users\Admin\.prostocraft\jre_launcher\lib\ext\meta-index
  MD5: c13d39595f3ab17500d6963b323558a5
  SHA1: 65e8806bdc09e1433e0c9c4ccbce759a3db0df98
  SHA256: f3c5b6ec18f23aabcb3c33ae6972c5f65fc3220196e4a3081e25341ce530cf64
  SHA512: 9e5821660a85337ad94a7d8dd488ca400e58046af7ab0785080b257c35d22462304b59d157579c3d79315a9d51bad3970988a8e45f34d8d741265f6e3ff202d1
- C:\Users\Admin\.prostocraft\jre_launcher\lib\ext\nashorn.jar
  MD5: e25f5e11b9702241d9cfa08a7ffede66
  SHA1: c9fdc6e1be21dbebbeae268db4dfee273f80c8e4
  SHA256: a1fae362c0b629a8bc2573ac53b10cd58908df0fa7787b506f06ef4f9603ee56
  SHA512: 1cbb368e85db75939c8dd07026fb09666adaa0014dfd6f34caaee22d6106197e853849bc1995f6f8b2e56b821327d6316cbb1004cf431579811c89fb637e6fd8
- C:\Users\Admin\.prostocraft\jre_launcher\lib\ext\openjsse.jar
  MD5: 06d227469855967edac6763909785dba
  SHA1: cc9578a57ec16fc4091efe5d7be7ca2048617f68
  SHA256: 04bacac471ca7d29dcdd06013f5d48eb0e30adfacbc4cd192f7008f6d75a8864
  SHA512: 3c52b46f28955e85b5e45db8213fd1adb1b320da9e809daf1ff8f8204c2c592cbe5cec1b98133f2d9543dccd407658fee77cf33722e3cf28beeab3a9a903e3ff
- C:\Users\Admin\.prostocraft\jre_launcher\lib\ext\sunec.jar
  MD5: 79fef85c0dabf1c0075d6bfbb6759244
  SHA1: b7ff2ffd36e7c47b419cdcb46b1edfa900c116a5
  SHA256: 64638c49201c94989fad0c0a2169bda9765b67fcc2aef2aa4033dd29872b3e69
  SHA512: b2e079225a49e8b89722128773dcc3865273d91cfe4f3dcf6dc7088aabcd92ef3ecf2f515595bff27343bbc96a03eeb69760e35635b55193df313b58bacaf8a6
- C:\Users\Admin\.prostocraft\jre_launcher\lib\jce.jar
  MD5: 568bc38e0ddd963fd7527d03ede92d30
  SHA1: 9e8e4d9342ba118d215effff0d1fc7bdb6f85f06
  SHA256: 75dc223aac99d208ac71dd0eb0f4da24b869bf76019bd6d609602d19b3c24bdf
  SHA512: 3a51e3bf825a0f7fa14375ec452f736688e38e4ecf7eefb121560a7c664cad006874d34c163a325dd6ed5ecfcb425817f2d21e54694291775c4a8587b6a168c6
- C:\Users\Admin\.prostocraft\jre_launcher\lib\jfr.jar
  MD5: 4d48c2627bdd719de7d8dcda91a9385e
  SHA1: f72a1189bfa1310afb4799fd343234e962ce4453
  SHA256: 46c367ff26ca9bf9e19a7e6f26d68ca4cbb09172ecd21f673fc9456a171a6758
  SHA512: ae2ccb4a89def734f27d88ac439cceeffabe388635d4b386e42483617b9c4f65125b7c2cc7124063e2abddc3624536535d3ecce8fff07a5e4738b5f5c2f36fd5
- C:\Users\Admin\.prostocraft\jre_launcher\lib\jsse.jar
  MD5: eb6ca61950d7c34fe6d1d734a1b6a6d7
  SHA1: e89da234bd5e00a7c2ea5abb99e3aa54993a8e32
  SHA256: 2532573c38e277175a0b7eb529fed5f54e20bc961ddf8fcf99d939da954ec760
  SHA512: e3a808abf5dfb24203ba1c0482e0e672f537b7299b21c4825c916128afa646d72837c3e81712f6f67d83f7d8d6c9b84ec9853c29f642e7b02b5a69082d250a9a
- C:\Users\Admin\.prostocraft\jre_launcher\lib\logging.properties
  MD5: 809c50033f825eff7fc70419aaf30317
  SHA1: 89da8094484891f9ec1fa40c6c8b61f94c5869d0
  SHA256: ce1688fe641099954572ea856953035b5188e2ca228705001368250337b9b232
  SHA512: c5aa71ad9e1d17472644eb43146edf87caa7bccf0a39e102e31e6c081cd017e01b39645f55ee87f4ea3556376f7cad3953ce3f3301b4b3af265b7b4357b67a5c
- C:\Users\Admin\.prostocraft\jre_launcher\lib\meta-index
  MD5: 83964354d8e8e69dfc1001f01682bd70
  SHA1: 1f2012a464683ccc1c284d51b20778811641b2ee
  SHA256: dff270e76bd7d851cbcf79702aebd71122c3a9e93836ae4e9f650234a754b5c3
  SHA512: 4be6e0c8ed2bd2f59286bbfa5041676f352e32731e070d7c26511e1e570bd8d6940ff2cc59b0e1656c9c8b3f86186a34709dbf19c303d80840307dacc39d9956
- C:\Users\Admin\.prostocraft\jre_launcher\lib\rt.jar
  MD5: 458bc2981d973f4e026a8fb60289fade
  SHA1: d3788bf4acb12e0e15e4adeb597062c308df04bd
  SHA256: 4ba750e38b48d8040a692160a31323bf64e41d95b6d1058e70fcbf09045a4f6d
  SHA512: c2825c905c668ed060dfb46425afe5e30d857c661987c899e1c29dedb94b02c2186ef0f732e4c5bf531b2b354bf0bb521a19ad05697de12e688669fbbb38e530
- C:\Users\Admin\.prostocraft\jre_launcher\lib\security\java.security
  MD5: 5437557ab8efaa997e3a4cf2d6e23012
  SHA1: 751aa69f3eff9f079f8a4834b1416f029cdbd5e4
  SHA256: fc7d92dab9e7b2ce281937b747c3341f8039d43290ebf1a0ab41d05f83ec6c55
  SHA512: 98f46518acb7e3eafa1b5a67ffa308a2f9b6094fe1eeaace6f3b176d4ddbb1d89bf90d247fd21d32d71941163ab5a761f28503bb19e98e44a76df4fad127e614
- C:\Users\Admin\.prostocraft\jre_launcher\lib\tzdb.dat
  MD5: 91e23cf0643b8b4109440215fc662aa2
  SHA1: f401cdf8f33de0b1442aa64b0437e79133957d20
  SHA256: 939cd4a7554ad2f85b493d6213c5815736add4eb1a14de37a8c8b0106b952f7a
  SHA512: 63bee2044eb21fe2ead9e41e893547a6ac4c882413a6749f2e5858fb91678033f36a1f6837c5140a3f4c563a05773647971e913125587b0c53cf23356d35592c
- C:\Users\Admin\.prostocraft\jre_launcher\lib\tzmappings
  MD5: 62bc9fa21191d34f1db3ed7ad5106efa
  SHA1: 750cc36b35487d6054e039469039aece3a0cc9e9
  SHA256: 83755efbcb24476f61b7b57bcf54707161678431347e5de2d7b894d022a0089a
  SHA512: af0ddb1bc2e9838b8f37dc196d26024126ac989f5b632cb2a8efdc29fbce289b4d0bac587fe23f17dfb6905ceada8d07b18508db78f226b15b15900738f581a3
- C:\Users\Admin\.prostocraft\launcher.jar
  MD5: 0360fe6abe104ecb26a0e3bce2072f52
  SHA1: e2708a524408e8f032c443b246e35e31d6d2de0c
  SHA256: 078407d24cb054aa864bdbd733f9bd9f89fe895a4202d98f598a26db15605cec
  SHA512: 88626d06b525cbc17787c6f59c307bbc8b1085b01877384ffbbd054a6841503b30998e254a4a56670e841ca0c438500d5d0047a8a7ff10c379af90f06ba02b0c
- \Users\Admin\.prostocraft\jre_launcher\bin\java.dll
  MD5: 3f31721d9d07e16703822163852ad595
  SHA1: eb4fbcaa5a15aa5809c32abec87d9ed6b0d1959b
  SHA256: f8620213358c4e63e8c04e095db383f8f39170a9360dd33dbd600ea750a00efc
  SHA512: 57fda13b745a0b91cf7bcf171f8de7a3537c45d16fbe59c4659502ba69efc6aec786edb0839195c240ca4dc1407138a92e8969410c59e88b0eaf77b4820f2199
- \Users\Admin\.prostocraft\jre_launcher\bin\management.dll
  MD5: 104c87698afab216ba46a12d3249fdd2
  SHA1: f5866a5abe8246261d304a99e88a049a9f733c6f
  SHA256: 334002d1fd15a0bc3b364da760c21f5b37e7577843fe741483b007d750e47037
  SHA512: 6429a5ecc59c7e6e8c43f566873f76d226e1228d75ab8eb3f00f44dcc0e0e9fe2bf79216138381b2f62b8256ec08e96b74ca145a76e1a534e53f681bb3cdf11f
- \Users\Admin\.prostocraft\jre_launcher\bin\msvcr100.dll
  MD5: 366fd6f3a451351b5df2d7c4ecf4c73a
  SHA1: 50db750522b9630757f91b53df377fd4ed4e2d66
  SHA256: ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5
  SHA512: 2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130
- \Users\Admin\.prostocraft\jre_launcher\bin\net.dll
  MD5: cb8432a2d628e71cbc64cdf482acebc9
  SHA1: 3a4e39e7f7fbb4035e7dc84647daec8df1b0c5a0
  SHA256: fa86cfe0062b72f3ce803fde6132b8ab2f976a0bf988398e748c376bba178af0
  SHA512: 72173b3d64cc529bbbdd17f56bd08648c732158ed11ad685d01fe5e306900046e562e1c5e187c8c586b6d481401717f2bb3d8b4f7d153fc035b2e5d67ef77e21
- \Users\Admin\.prostocraft\jre_launcher\bin\nio.dll
  MD5: 087ebc333bed4c5098bdc791bb3268b1
  SHA1: bf05182a4df4d51b1b1128f87874d997c1cf8be0
  SHA256: 765a2f4c750b53627f0549641cb998e01ccfa56c40e9d847825d7982e5a0318b
  SHA512: 7ee2d1c095afb12d638069bf6ecac59f79c48d7e06f428bd52fb8c793ddaa9919a99dd53e8c2c495bc372641875f132ccc3e3808e298f910793a789bc829acc6
- \Users\Admin\.prostocraft\jre_launcher\bin\server\jvm.dll
  MD5: 5008d1e765a674700b11cd8f2080afa0
  SHA1: 03bc819591f2c9bbc640f74f73d0bb679b232e70
  SHA256: 2337c9c4ab16d8e78dc54f7cde3353e75a18a286283a650d5dd318a2cdcc481a
  SHA512: 34ab0c1153e692fdc9b5e46771d3dd9daf1bacb751c70ae24b9b29426badf1e908202f12d8028b2810596b85b67972666a57c3a710dba3969e8eb6201986c5fa
- \Users\Admin\.prostocraft\jre_launcher\bin\sunec.dll
  MD5: 50561e132453081ab3be005bf6796d90
  SHA1: b5462b6855123a525d79331bd25a70cd4f3ce1e4
  SHA256: 55fd9666ca27bcd48b5a86ed39d524a5b677b2e4857f7605bd72b6657c2ce995
  SHA512: 78944d894798de8da9ff21407155378f26462508e441c829dc31e09e3217e4c2f35d255f13b54e439e1ad8e1d798696fe8dbc96483dd3c1e93ecda99bfdf525a
- \Users\Admin\.prostocraft\jre_launcher\bin\verify.dll
  MD5: e2e4d70319b2c6f1d0f3518dcdec41f9
  SHA1: c06ad7b35aab3d0e7517e8da6ec771b86864822a
  SHA256: 2d05c3f8ae307ffff9904524af3a2f30b31f973fa68d9ac3dc76f1efbdabe9fd
  SHA512: 53ec25c59d1f686fb9473b3b3cc84ed2d20979f792c36adbb6228579d23a38a2fa1d5186fcbb86aa0567651894eb2ed51f5165d59fab8f6e3f354d137ef06cdd
- \Users\Admin\.prostocraft\jre_launcher\bin\zip.dll
  MD5: 607e3117753f1be1d8c6555d8cb7fbd8
  SHA1: 816e6dc9f77b7f04621863e3d8da1fe804822e9c
  SHA256: 89e2a52601cbaaf90f56ca486c05ad38afeb127cf6a039039dcb800f8d9ba5f9
  SHA512: 02272fbbebe3cda6c29fce210561df0001155efba14d28b1b00872ed41b96579eea5676c681a97c0fece001cb791f8ebe4e10af7f4092817ab880cca83a66abc
- memory/1732-166-0x00000000033F0000-0x0000000003400000-memory.dmp
  Filesize: 64KB
- memory/1732-177-0x0000000003430000-0x0000000003440000-memory.dmp
  Filesize: 64KB
- memory/1732-137-0x0000000003140000-0x00000000033B0000-memory.dmp
  Filesize: 2.4MB
- memory/1732-138-0x0000000001220000-0x0000000001221000-memory.dmp
  Filesize: 4KB
- memory/1732-181-0x0000000003470000-0x0000000003480000-memory.dmp
  Filesize: 64KB
- memory/1732-161-0x0000000003400000-0x0000000003410000-memory.dmp
  Filesize: 64KB
- memory/1732-180-0x0000000003460000-0x0000000003470000-memory.dmp
  Filesize: 64KB
- memory/1732-179-0x0000000003450000-0x0000000003460000-memory.dmp
  Filesize: 64KB
- memory/1732-167-0x0000000003410000-0x0000000003420000-memory.dmp
  Filesize: 64KB
- memory/1732-148-0x0000000001220000-0x0000000001221000-memory.dmp
  Filesize: 4KB
- memory/1732-156-0x00000000033E0000-0x00000000033F0000-memory.dmp
  Filesize: 64KB
- memory/1732-159-0x00000000033D0000-0x00000000033E0000-memory.dmp
  Filesize: 64KB
- memory/1732-158-0x00000000033C0000-0x00000000033D0000-memory.dmp
  Filesize: 64KB
- memory/1732-116-0x0000000000000000-mapping.dmp
- memory/1732-178-0x0000000003440000-0x0000000003450000-memory.dmp
  Filesize: 64KB
- memory/1732-176-0x0000000003420000-0x0000000003430000-memory.dmp
  Filesize: 64KB
- memory/1732-155-0x00000000033B0000-0x00000000033C0000-memory.dmp
  Filesize: 64KB
- memory/3128-115-0x0000000002354000-0x0000000002355000-memory.dmp
  Filesize: 4KB
- memory/3128-164-0x0000000002358000-0x0000000002359000-memory.dmp
  Filesize: 4KB
- memory/3128-162-0x0000000002355000-0x0000000002357000-memory.dmp
  Filesize: 8KB
- memory/3128-114-0x0000000002350000-0x0000000002352000-memory.dmp
  Filesize: 8KB