Overview

overview

7

Static

static

1

Minecraft ....5.jar

windows7-x64

6

Minecraft ....5.jar

windows10-2004-x64

7

Minecraft ....8.jar

windows7-x64

1

Minecraft ....8.jar

windows10-2004-x64

7

Minecraft ...-4.jar

windows7-x64

1

Minecraft ...-4.jar

windows10-2004-x64

7

Minecraft ...OT.jar

windows7-x64

1

Minecraft ...OT.jar

windows10-2004-x64

7

Minecraft ...op.jar

windows7-x64

1

Minecraft ...op.jar

windows10-2004-x64

7

Minecraft ...ns.jar

windows7-x64

1

Minecraft ...ns.jar

windows10-2004-x64

7

Minecraft ...er.jar

windows7-x64

1

Minecraft ...er.jar

windows10-2004-x64

7

Minecraft ....1.jar

windows7-x64

1

Minecraft ....1.jar

windows10-2004-x64

7

Minecraft ....1.jar

windows7-x64

1

Minecraft ....1.jar

windows10-2004-x64

7

Minecraft ...es.jar

windows7-x64

1

Minecraft ...es.jar

windows10-2004-x64

7

Minecraft ....0.jar

windows7-x64

1

Minecraft ....0.jar

windows10-2004-x64

7

Minecraft ...or.jar

windows7-x64

1

Minecraft ...or.jar

windows10-2004-x64

7

Minecraft ....1.jar

windows7-x64

1

Minecraft ....1.jar

windows10-2004-x64

7

Minecraft ...se.jar

windows7-x64

1

Minecraft ...se.jar

windows10-2004-x64

7

Minecraft ...se.jar

windows7-x64

1

Minecraft ...se.jar

windows10-2004-x64

7

Minecraft ...my.jar

windows7-x64

1

Minecraft ...my.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/02/2024, 19:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Minecraft smp/plugins/Citizens.jar

  • Size

    3.7MB

  • MD5

    03abf85de8bd433340fbd38391fced32

  • SHA1

    1b7ee09725655fc9bb523830ac5817a49afa459c

  • SHA256

    94e13d93a8117258ac49b77446a47ccc502fa5099e46c06e95a95abd08b2a47f

  • SHA512

    988964ed47d49b04893a59ed6e99af69685d08703f01589946957071121cc6dcfdce218b271652a372e2d544f3a19ad54d358af6b0fcceab8fd0fe96675310a7

  • SSDEEP

    49152:poK3Run3D8wR7fMVcvOtcJoBla7IpdLmavOxXVH917O27OA79U81DUpOFxO361m8:poKk3xR73OtcidfgVH9Sgn511H4C

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\Minecraft smp\plugins\Citizens.jar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:1832
  • C:\Windows\System32\GameBarPresenceWriter.exe
    "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
    1⤵
      PID:3016
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2696
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
      1⤵
      • Checks processor information in registry
      • Modifies registry class
      PID:4712

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
      Filesize

      46B

      MD5

      b4c0bb7fd0852d2e846b4dc1bde018ff

      SHA1

      9ac67415055650b31e5aa764de8799da4d4647a3

      SHA256

      d6a46ace7e83bbcc5d341f0b52bf6213db0b06eaeb1fc45bb6eddfd5fc8e9ecb

      SHA512

      4f8e3e64f2644b87336baa4242b0305eec40579ed4f72bb5935125a4d87d67566a671777ce9578c535f45f9dfdb44083fe5db694c870fbe567a804937d0f6325

      Download Submit

    • memory/4756-2-0x0000025553E50000-0x0000025554E50000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4756-12-0x00000255525F0000-0x00000255525F1000-memory.dmp

      Filesize

      4KB

      Download