Overview

overview

7

Static

static

1

Minecraft ....5.jar

windows7-x64

6

Minecraft ....5.jar

windows10-2004-x64

7

Minecraft ....8.jar

windows7-x64

1

Minecraft ....8.jar

windows10-2004-x64

7

Minecraft ...-4.jar

windows7-x64

1

Minecraft ...-4.jar

windows10-2004-x64

7

Minecraft ...OT.jar

windows7-x64

1

Minecraft ...OT.jar

windows10-2004-x64

7

Minecraft ...op.jar

windows7-x64

1

Minecraft ...op.jar

windows10-2004-x64

7

Minecraft ...ns.jar

windows7-x64

1

Minecraft ...ns.jar

windows10-2004-x64

7

Minecraft ...er.jar

windows7-x64

1

Minecraft ...er.jar

windows10-2004-x64

7

Minecraft ....1.jar

windows7-x64

1

Minecraft ....1.jar

windows10-2004-x64

7

Minecraft ....1.jar

windows7-x64

1

Minecraft ....1.jar

windows10-2004-x64

7

Minecraft ...es.jar

windows7-x64

1

Minecraft ...es.jar

windows10-2004-x64

7

Minecraft ....0.jar

windows7-x64

1

Minecraft ....0.jar

windows10-2004-x64

7

Minecraft ...or.jar

windows7-x64

1

Minecraft ...or.jar

windows10-2004-x64

7

Minecraft ....1.jar

windows7-x64

1

Minecraft ....1.jar

windows10-2004-x64

7

Minecraft ...se.jar

windows7-x64

1

Minecraft ...se.jar

windows10-2004-x64

7

Minecraft ...se.jar

windows7-x64

1

Minecraft ...se.jar

windows10-2004-x64

7

Minecraft ...my.jar

windows7-x64

1

Minecraft ...my.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/02/2024, 19:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Minecraft smp/plugins/BossBarHealth-4.1.7-SNAPSHOT.jar

  • Size

    62KB

  • MD5

    48497657e0aa8ca3617b7e5eac28af90

  • SHA1

    eb4117a757bd64d7e77413ad7c59ff65daf05352

  • SHA256

    315b020ece3dd1f58d3f4d796bccb5bde65bf32306a85f1d74a07b9eebb4e8b0

  • SHA512

    2c9e3598b89238bdfcbd1e7112438b33af1a8721ae027faacc1236de5275d3c40398540dc6322282210816f9cb0d31a4aea2de14db02d9b2f40888c4e251bb23

  • SSDEEP

    1536:e1Sx/YwivuzmdKvqAeTSblLl1Vm3J2YVOnWzNdeCKs:e1SxxEhsvq27M5OnwdeCKs

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Drops desktop.ini file(s) 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\Minecraft smp\plugins\BossBarHealth-4.1.7-SNAPSHOT.jar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4480
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3088
  • C:\Windows\System32\GameBarPresenceWriter.exe
    "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
    1⤵
      PID:916
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:5056
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
      1⤵
      • Drops desktop.ini file(s)
      • Checks processor information in registry
      • Modifies registry class
      PID:5068

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
      Filesize

      46B

      MD5

      05ecd72bee07ecc455000286340a8657

      SHA1

      2df9a2a14478195b5a4733e00976745a96a808c2

      SHA256

      082b07519f15a2b05da908180b18db606bd0f771aa83792f5a30be8e6f1050b8

      SHA512

      953a7e045bc29654f7319e408c2456d2eff29548fe85f13ef4ef1808e486fe07b5f7241887e898891a7a93061203cf00fa34b790eb4c763825b315a9ab2e4efc

      Download Submit

    • C:\Users\Admin\Videos\Captures\desktop.ini
      Filesize

      190B

      MD5

      b0d27eaec71f1cd73b015f5ceeb15f9d

      SHA1

      62264f8b5c2f5034a1e4143df6e8c787165fbc2f

      SHA256

      86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

      SHA512

      7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

      Download Submit

    • memory/4480-4-0x0000018F6C360000-0x0000018F6D360000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4480-12-0x0000018F6AB80000-0x0000018F6AB81000-memory.dmp

      Filesize

      4KB

      Download