9561d9a721195d2588afbb9f9781049ade05b7587507522183f14f2d4e225ff9

Analysis

max time kernel
15s
max time network
17s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
30/01/2023, 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Minecraft OFF.reg
Size

1KB
MD5

bd2e49f5918762d95818818853f0df55
SHA1

b45fb2b5705cc80bacf0c13b6597fe81fb1d92d7
SHA256

9561d9a721195d2588afbb9f9781049ade05b7587507522183f14f2d4e225ff9
SHA512

c80c7001fa56029dec27ec1d68143f2ceb47452bca9920965101a8324cbe9b972e8a1215430a9ec89deaffbba24b003fdbb4a7b5498098c8b55bfa89494beaac

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ClipSVC\Parameters\ServiceDll = "%SystemRoot%\\System32\\ClipSVC.dll"	regedit.exe

Runs .reg file with regedit 1 IoCs

pid	Process
2752	regedit.exe

C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\Minecraft OFF.reg"
1⤵
- Sets DLL path for service in the registry
- Runs .reg file with regedit
PID:2752

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads