1369e029a6b0da91db5e735b2942b1a5549dfb909ab1e98b919481a04b7cf5e6

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22/04/2023, 11:57

Target

MinecraftInstaller.exe
Size

32.0MB
MD5

7b681d2a775f0505b4fa4e6899730ec0
SHA1

285e9a0f1c3a5aef9b63c1089c4e9847bb176d3e
SHA256

1369e029a6b0da91db5e735b2942b1a5549dfb909ab1e98b919481a04b7cf5e6
SHA512

4746fbd6b7094e07e82a9720b1243cb43663408a5c581a274508e8bf44fcb4e254ae24bec6951761ae488c6f64eeb938bf4d613587f93f3378174f7eea2f1016
SSDEEP

393216:Tbekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9y:OZn/G4Gqk1cWe2iTVCMue3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1064	1972	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1972	MinecraftInstaller.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1064	1972	MinecraftInstaller.exe	28
PID 1972 wrote to memory of 1064	1972	MinecraftInstaller.exe	28
PID 1972 wrote to memory of 1064	1972	MinecraftInstaller.exe	28
PID 1972 wrote to memory of 1064	1972	MinecraftInstaller.exe	28

C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 1112
  2⤵
  - Program crash
  PID:1064

memory/1972-54-0x0000000000C90000-0x0000000002C8E000-memory.dmp

Filesize
32.0MB

Download
memory/1972-55-0x0000000006E50000-0x0000000007012000-memory.dmp

Filesize
1.8MB

Download
memory/1972-57-0x0000000000480000-0x00000000004C0000-memory.dmp

Filesize
256KB

Download
memory/1972-58-0x0000000000480000-0x00000000004C0000-memory.dmp

Filesize
256KB

Download