Analysis
-
max time kernel
600s -
max time network
597s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
-
submitted
23-11-2022 07:10
General
-
Target
https://github.com/minetest/minetest/releases
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 2 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 17 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://github.com/minetest/minetest/releases1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://github.com/minetest/minetest/releases2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3288.0.131281830\1140576142" -parentBuildID 20200403170909 -prefsHandle 1552 -prefMapHandle 1544 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3288 "\\.\pipe\gecko-crash-server-pipe.3288" 1632 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3288.3.745860643\2131670843" -childID 1 -isForBrowser -prefsHandle 2228 -prefMapHandle 2096 -prefsLen 156 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3288 "\\.\pipe\gecko-crash-server-pipe.3288" 2240 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3288.13.190411432\1323448686" -childID 2 -isForBrowser -prefsHandle 3376 -prefMapHandle 3372 -prefsLen 6938 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3288 "\\.\pipe\gecko-crash-server-pipe.3288" 3344 tab3⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\minetest-5.6.1-win64\bin\minetest.exe"C:\minetest-5.6.1-win64\bin\minetest.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4181⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/652-120-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-121-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-122-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-124-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-128-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-127-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-126-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-125-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-129-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-130-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-123-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-131-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-133-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-134-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-135-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-136-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-137-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-139-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-138-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-140-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-141-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-142-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-132-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-143-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-145-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-144-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-146-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-149-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-148-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-150-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-147-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-151-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-152-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-153-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-154-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-156-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-157-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-155-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-158-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-160-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-161-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-159-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-162-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-167-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-169-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-168-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-170-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-166-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-171-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-172-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-165-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-164-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-163-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-173-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-174-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-175-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-176-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-177-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-179-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-178-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-180-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-181-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-182-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB
-
memory/652-183-0x00007FF66ED30000-0x00007FF66ED40000-memory.dmpFilesize
64KB