Overview

overview

8

Static

static

1

MinecraftI...er.msi

windows7-x64

8

MinecraftI...er.msi

windows10-2004-x64

8

MinecraftI...er.msi

android-9-x86

MinecraftI...er.msi

android-10-x64

MinecraftI...er.msi

android-11-x64

MinecraftI...er.msi

macos-10.15-amd64

MinecraftI...er.msi

ubuntu-18.04-amd64

MinecraftI...er.msi

debian-9-armhf

MinecraftI...er.msi

debian-9-mips

MinecraftI...er.msi

debian-9-mipsel

Analysis

  • max time kernel
    87s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03-02-2023 09:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MinecraftInstaller.msi

  • Size

    2.5MB

  • MD5

    22991d4ef03118107a943934d92319d1

  • SHA1

    832ea164d844401f9eced5bf84d45ad4b273cf8c

  • SHA256

    1d9f66794a5af4e409a6c6b32a14d674cc1ea96f69e2cf2acb3c7b997750d5f8

  • SHA512

    79a87b895184188d987f9390f28c20ab4d999d953f9c3d3f92f9d0069a0dc6490c4ef69603e12b62554d809a08b97a79b12f98055b0ebc6a91d5215e3b95fd33

  • SSDEEP

    49152:69wfmqHrSa1uL7TFSCEeQ6EOMhKqL0WCb:+7a1ugeQVhLha

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 15 IoCs
  • Modifies data under HKEY_USERS 46 IoCs
  • Modifies registry class 23 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1976
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:608
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 76ADC4344D71C929818554BAD95324F4 C
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1012
      • C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"
        3⤵
        • Executes dropped EXE
        PID:2016
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 8E81DBDE57B62442CFA5A07174B61BD7
      2⤵
      • Loads dropped DLL
      PID:1904
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 22D90ED0F500228652B11AD0245EB2C1 M Global\MSI0000
      2⤵
      • Loads dropped DLL
      PID:1412
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
      PID:1184
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000588" "00000000000004A8"
      1⤵
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      PID:1508
    • C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
      "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"
      1⤵
      • Executes dropped EXE
      PID:1620

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    Peripheral Device Discovery

    1
    T1120

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
      Filesize

      3.3MB

      MD5

      0501b8eb39f00dcaa3c89ccec2fbde17

      SHA1

      cb7b82a5d02a2b5ea9c16b5083015c832b556405

      SHA256

      161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

      SHA512

      4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

      Download Submit
    • C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
      Filesize

      3.3MB

      MD5

      0501b8eb39f00dcaa3c89ccec2fbde17

      SHA1

      cb7b82a5d02a2b5ea9c16b5083015c832b556405

      SHA256

      161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

      SHA512

      4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

      Download Submit
    • C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
      Filesize

      3.3MB

      MD5

      0501b8eb39f00dcaa3c89ccec2fbde17

      SHA1

      cb7b82a5d02a2b5ea9c16b5083015c832b556405

      SHA256

      161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

      SHA512

      4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
      Filesize

      471B

      MD5

      2fb45da83863bdd651aa1ec88cfc4d4d

      SHA1

      2634c8e2e479d7e7d6bb0be90662531bbcc929fc

      SHA256

      cc5125bf64923f3c28ba199c75ef3a69ac488abbdac56fe082bc240e26353456

      SHA512

      b5311ed92c09192ca3957e28605945fb747527da38ca2c7b9fa4ed53d4e1fbd5e9a3786d0e0ca2fd48deb981bbcb6724a8194b27df0c67a27f1ab55a0d6ea44a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_6BE73709C7F4D409D3FEEFF27BA07C40
      Filesize

      471B

      MD5

      d021ee1d5475bc42be5524f4a12ca8ff

      SHA1

      47e9544efd0634a63666f3ae3a1b1bbd89d08cdd

      SHA256

      9c92ba20fe4aca9af71a61f1e6b017687dbc01ed487806a1aa3d26942208444c

      SHA512

      29fea32479480ad1ae3e4ec7b509d186b5c26ee71600337f5827b50f317bce13d2340860b8d593fc139aea9188db4a2587b537949427df80683e2c2bf7d53ed5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
      Filesize

      434B

      MD5

      6c9869d76fe005e58ccf0c81abcb210b

      SHA1

      fdf7f7b1187ba3cf7fc77c987475bf586353baf7

      SHA256

      87135906272d19da12c1d5ba8d987c5f85800830fb9d4efc15034c7a4660826d

      SHA512

      728d2a5e643236bbd480b15f0a589854e837c52eccd68cfb165842177ee9b6a370a00db279a25f6400701b14cf94119679098371570869df9b1464333a6248a6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_6BE73709C7F4D409D3FEEFF27BA07C40
      Filesize

      430B

      MD5

      6a33a1b73d034a29ef1c4282263aaf6a

      SHA1

      b344538a89645df8ca168b942809607464814c08

      SHA256

      b0d8c7ac690aeaee4f0d2f695fdad5b0357fa89981031b22a9918c7700215384

      SHA512

      87c87fcc0a527f4e0cecf9f1f07654a54306bcb65337a14029f34c20af252f113f8923976ec7c51b7ebd4bb5da9f20846558836dd355a035a159d659aa8debdd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d8f8ef2bf5f970031ddf96888c24fdf7

      SHA1

      690b34e24815d0e866394904ad21ee4b8eea9063

      SHA256

      f9abfcb2dff1b05a2e3527f2e9db2cd21a97edebe1cb50f78e7a481366009873

      SHA512

      eae86da745d4e5454ed7180f288643cc4b6870eee3313593b925499aa45f53b2304417d6f06794adde9bb04244d958b80f0176d4023bbe8f1fc14b9259fdc14d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\MSI6907.tmp
      Filesize

      87KB

      MD5

      48eaf9d4ccf75bc06bbc5d33e78b7fff

      SHA1

      c710753c265b148f27ff3f358bb0ee980ab46423

      SHA256

      9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

      SHA512

      505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\MSIEE9B.tmp
      Filesize

      181KB

      MD5

      785ee78478d43f00870e91fa96b94646

      SHA1

      97e3f06230bb97333db9574e56a187c2b5dfce50

      SHA256

      b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

      SHA512

      d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

      Download Submit
    • C:\Users\Admin\AppData\Roaming\.minecraft\launcher_log.txt
      Filesize

      492B

      MD5

      e46548fffbce5a4fcece402fddc5552a

      SHA1

      57d0231cff9cec3ecd9c330c7614377a907f7f9a

      SHA256

      0e74e56a8a3772950090a954834013e4cd723c060a3591c5bb967a15edaeccc5

      SHA512

      6dffa73578f0dab580172c7afed070ef5271bafb0d6057d78552052b00badaa03d0ab9c6c2070873cc8a006cfed2512b4c2fba31886179f4b5ae1ac792ef5b23

      Download Submit
    • C:\Windows\Installer\MSIDB65.tmp
      Filesize

      181KB

      MD5

      785ee78478d43f00870e91fa96b94646

      SHA1

      97e3f06230bb97333db9574e56a187c2b5dfce50

      SHA256

      b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

      SHA512

      d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

      Download Submit
    • C:\Windows\Installer\MSIDC7F.tmp
      Filesize

      181KB

      MD5

      785ee78478d43f00870e91fa96b94646

      SHA1

      97e3f06230bb97333db9574e56a187c2b5dfce50

      SHA256

      b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

      SHA512

      d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

      Download Submit
    • C:\Windows\Installer\MSIE1BE.tmp
      Filesize

      181KB

      MD5

      785ee78478d43f00870e91fa96b94646

      SHA1

      97e3f06230bb97333db9574e56a187c2b5dfce50

      SHA256

      b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

      SHA512

      d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

      Download Submit
    • \Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
      Filesize

      3.3MB

      MD5

      0501b8eb39f00dcaa3c89ccec2fbde17

      SHA1

      cb7b82a5d02a2b5ea9c16b5083015c832b556405

      SHA256

      161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

      SHA512

      4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

      Download Submit
    • \Users\Admin\AppData\Local\Temp\MSI6907.tmp
      Filesize

      87KB

      MD5

      48eaf9d4ccf75bc06bbc5d33e78b7fff

      SHA1

      c710753c265b148f27ff3f358bb0ee980ab46423

      SHA256

      9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

      SHA512

      505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

      Download Submit
    • \Users\Admin\AppData\Local\Temp\MSIEE9B.tmp
      Filesize

      181KB

      MD5

      785ee78478d43f00870e91fa96b94646

      SHA1

      97e3f06230bb97333db9574e56a187c2b5dfce50

      SHA256

      b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

      SHA512

      d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

      Download Submit
    • \Windows\Installer\MSIDB65.tmp
      Filesize

      181KB

      MD5

      785ee78478d43f00870e91fa96b94646

      SHA1

      97e3f06230bb97333db9574e56a187c2b5dfce50

      SHA256

      b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

      SHA512

      d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

      Download Submit
    • \Windows\Installer\MSIDC7F.tmp
      Filesize

      181KB

      MD5

      785ee78478d43f00870e91fa96b94646

      SHA1

      97e3f06230bb97333db9574e56a187c2b5dfce50

      SHA256

      b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

      SHA512

      d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

      Download Submit
    • \Windows\Installer\MSIE1BE.tmp
      Filesize

      181KB

      MD5

      785ee78478d43f00870e91fa96b94646

      SHA1

      97e3f06230bb97333db9574e56a187c2b5dfce50

      SHA256

      b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

      SHA512

      d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

      Download Submit
    • memory/1012-56-0x0000000000000000-mapping.dmp
      Download
    • memory/1012-57-0x0000000074AB1000-0x0000000074AB3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1412-72-0x0000000000000000-mapping.dmp
      Download
    • memory/1904-66-0x0000000000000000-mapping.dmp
      Download
    • memory/1976-54-0x000007FEFB6D1000-0x000007FEFB6D3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2016-80-0x0000000000000000-mapping.dmp
      Download