Overview

overview

7

Static

static

7

Meinkraft ...er.exe

windows10-1703-x64

4

Analysis

  • max time kernel
    167s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20230621-en
  • resource tags

    arch:x64arch:x86image:win10-20230621-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-06-2023 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Meinkraft Server DDoS'er.exe

  • Size

    24.4MB

  • MD5

    faed7172fb1d01e551578bf20bf0f922

  • SHA1

    fb2d49680de7c68e1b27d1d4026080ae724188f7

  • SHA256

    3970986b134943f64641442b257f30280226e8411ad2e7b0e474405adc18e975

  • SHA512

    ee7805ea8a4c2790553721ed5087a2928bf5ea88f3e276df65cfa2bf397363eb30c414de6223ca23ca2f2d37c67555d4e9d15d06899f8379b1ad1047d706d847

  • SSDEEP

    786432:52Uz7SPP3LfFrFrFrFrFrFmsPyfTZJwMlveOTS69:52Uz7SP/LfFrFrFrFrFrFHPATfFveOTz

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 51 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Meinkraft Server DDoS'er.exe
    "C:\Users\Admin\AppData\Local\Temp\Meinkraft Server DDoS'er.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of SetWindowsHookEx
    PID:3940
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3b4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4884
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4788
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4988

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\3877292338.pri
    Filesize

    162KB

    MD5

    0d02b03a068d671348931cc20c048422

    SHA1

    67b6deacf1303acfcbab0b158157fdc03a02c8d5

    SHA256

    44f4263d65889ea8f0db3c6e31a956a4664e9200aba2612c9be7016feeb323c0

    SHA512

    805e7b4fafed39dec5ecc2ede0c65b6e103e6757e0bd43ecdce7c00932f59e3e7a68d2ea0818244dfeb691b022c1ccca590a3f4239f99e1cd8a29ba66daed358

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\810424605.pri
    Filesize

    2KB

    MD5

    a2942665b12ed000cd2ac95adef8e0cc

    SHA1

    ac194f8d30f659131d1c73af8d44e81eccab7fde

    SHA256

    bdc5de6c42c523a333c26160d212c62385b03f5ebdae5aa8c5d025ff3f8aa374

    SHA512

    4e5ba962ba97656974c390b45302d60f4c82d604feb6199d44e80497a40d0b0a9fd119ca17ac184809ca0821ab6813292892c433ed7277f65c275f37a96070b9

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
    Filesize

    379B

    MD5

    9a86aaaf3235a7fe0b85e4b3bf4cbdb9

    SHA1

    5dd34ce2103ea948981cfa784cdd537246f7ef77

    SHA256

    0fa298e52c17a5d4d382cdf71ae73dee9fc3251b4f2ecfde29ffa0986a76b142

    SHA512

    d3e9a03c28c8ddb313c5ba3f517c7bf59a05fd17befb810440d8e230e08b669d004ed46dfcc8f01dcd94347342d96c4d887c4cca2507d8953259001aaf5e200f

    Download Submit
  • memory/3940-647-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-666-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-137-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-221-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-463-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-483-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-494-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-516-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-611-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-117-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-665-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-143-0x0000000003780000-0x0000000003781000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3940-667-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-675-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-676-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-677-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-688-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-119-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-118-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-693-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download
  • memory/3940-694-0x0000000000F70000-0x00000000030B2000-memory.dmp
    Filesize

    33.3MB

    Download