998709df716b9a097b34ed83531129fbf044c0785096a7f4df187d06f1b831b5

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
28-03-2023 21:14

Target

MinecraftInstaller.exe
Size

32.0MB
MD5

24b3de3538133086e007899bce1a9f4d
SHA1

584bed740c7d119b3fdca99dc8652979b70e3716
SHA256

998709df716b9a097b34ed83531129fbf044c0785096a7f4df187d06f1b831b5
SHA512

ff0bb03da6a6cc5eb63b15a706779f27bc05f06fb9c3d27d72cc6a187e2d2d39f4e31ff39f8a44785b138903173301c7c6c3f74bc564fdb7b2386d77c7cdcf05
SSDEEP

393216:1bekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9yJ:8Zn/G4Gqk1cWe2iTVCMue3L

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1940	1932	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1932	MinecraftInstaller.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1940	1932	MinecraftInstaller.exe	28
PID 1932 wrote to memory of 1940	1932	MinecraftInstaller.exe	28
PID 1932 wrote to memory of 1940	1932	MinecraftInstaller.exe	28
PID 1932 wrote to memory of 1940	1932	MinecraftInstaller.exe	28

C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 1116
  2⤵
  - Program crash
  PID:1940

memory/1932-54-0x0000000000B50000-0x0000000002B4C000-memory.dmp

Filesize
32.0MB

Download
memory/1932-55-0x00000000069F0000-0x0000000006BB2000-memory.dmp

Filesize
1.8MB

Download
memory/1932-57-0x00000000069B0000-0x00000000069F0000-memory.dmp

Filesize
256KB

Download