Overview

overview

4

Static

static

1

OptiFine_1...G5.jar

windows7-x64

1

OptiFine_1...G5.jar

windows10-2004-x64

4

Analysis

  • max time kernel
    138s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/02/2023, 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OptiFine_1.12.2_HD_U_G5.jar

  • Size

    2.5MB

  • MD5

    54e561e441192cf009803ae95873c5d0

  • SHA1

    ca3aea3a09ce215906c346fe190907fe0347b0c4

  • SHA256

    3b0006797771feb97f2d0d2908ae7c9a78cefb2e730af1c2e85d08a839ba271e

  • SHA512

    74dc59c52b1d7b7f7b5b813f0037d36d1269237f1acc2e7665c0dc45b1a55ee400c28112edff2489bf753fd1a5d649623493db0c2298ba5d52907dfc1f7aef38

  • SSDEEP

    49152:S56z2RHLEi04vYitUH2C46nzPDy3NBhKGYmbkD4xyqsDAC+6qsa:pz2ZLrTY3tPGNBtYFLq+e

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\OptiFine_1.12.2_HD_U_G5.jar
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    PID:4680
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4564

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4680-136-0x0000000002FA0000-0x0000000003FA0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4680-145-0x0000000002FA0000-0x0000000003FA0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4680-148-0x0000000002FA0000-0x0000000003FA0000-memory.dmp

      Filesize

      16.0MB

      Download