ea04fa0a4191001206744c948dbf1a810a633fd760f699c16b60386c66a6b6b7 | Triage

Resubmissions

04/02/2023, 20:02

230204-yr9cpshg21 8

Analysis

max time kernel
73s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2023, 20:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Minecraft Launcher.exe
Size

4.4MB
MD5

be214f4374142dfa548ac39eca507e94
SHA1

3e2279a0eb74ae3dcf2d60cd6ed33a3fd45fa304
SHA256

ea04fa0a4191001206744c948dbf1a810a633fd760f699c16b60386c66a6b6b7
SHA512

c16f7b2d8c4fd6b0aad0f4061a8c2b8617f1dc09d696ab6e28ee8e87c661713a5fba34c3916f6477731f36f49ea74cc0c557e73ac05d07807576259eda7c4a00
SSDEEP

98304:XfZt4EJC5UiDvZpHMM+5rFp3tSjiZmJXbICNqI6:XxzJZiDR6M+5roOZkXbICNqI6

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 1284	4664	Minecraft Launcher.exe	80
PID 4664 wrote to memory of 1284	4664	Minecraft Launcher.exe	80

C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Xms256m -Xmx512m -jar "C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe"
  2⤵
  - Drops file in Program Files directory
  PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1284-142-0x0000000002E70000-0x0000000003E70000-memory.dmp

Filesize
16.0MB

Download