2b0e05e169643319074f306153e55f2d839adb0378d6e721c04198233b892bfa

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
08/02/2023, 18:36 UTC

Target

MinecraftInstaller.exe
Size

31.8MB
MD5

24c96f96660bcedbf8648c8e43c3630c
SHA1

127dbeec1e9a7b8db42704172ba9e9bae0269754
SHA256

2b0e05e169643319074f306153e55f2d839adb0378d6e721c04198233b892bfa
SHA512

ed01d726284b92f0c594db2b4644903109c1f7ec650b6572207d1f1d8fe26e97dd3d89df6296b625023f0c63148b5ae543db21573c60aa487c57414219e3916c
SSDEEP

393216:Ubekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9yt:vZn/G4Gqk1cWe2iTVCMue3T

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2028	752	WerFault.exe	26

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	752	MinecraftInstaller.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 2028	752	MinecraftInstaller.exe	27
PID 752 wrote to memory of 2028	752	MinecraftInstaller.exe	27
PID 752 wrote to memory of 2028	752	MinecraftInstaller.exe	27
PID 752 wrote to memory of 2028	752	MinecraftInstaller.exe	27

C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:752
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 1096
  2⤵
  - Program crash
  PID:2028

memory/752-54-0x0000000000CC0000-0x0000000002C8A000-memory.dmp

Filesize
31.8MB

Download
memory/752-55-0x0000000006C80000-0x0000000006E42000-memory.dmp

Filesize
1.8MB

Download
memory/752-56-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download