Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/02/2024, 01:48

General

  • Target

    Slime Pack/resourcepack (for players)/assets/minecraft/models/item/leather_horse_armor.json

  • Size

    2KB

  • MD5

    8159e1cefe03b28f85c462c983f267b7

  • SHA1

    ef10b268e7a360564898654c7c328f35a839eec8

  • SHA256

    8ebd5293a12763f26dcffa5a5d8cb511dbb5dd432d76f9e41bf06c9afa3225f4

  • SHA512

    5de654625ec0b48d0c874c618c301ef9108e4f8308c0f16bd420512b8978969072d7a67cadd90b8711f04dee12235d86c94e1bc5bd7d7ad4da175b295190b747

Score
3/10

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Slime Pack\resourcepack (for players)\assets\minecraft\models\item\leather_horse_armor.json"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Slime Pack\resourcepack (for players)\assets\minecraft\models\item\leather_horse_armor.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Slime Pack\resourcepack (for players)\assets\minecraft\models\item\leather_horse_armor.json"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:3008

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    535cc5d246039317018857863ae1d2fc

    SHA1

    d1d1a6d87be4553857188b45c898a6edf3e6ab76

    SHA256

    65939194002f5fa1aa9b58bc575450218ae9140388b25c1b9b06d077b7d30033

    SHA512

    44a102253259098c1d2ef41001113078a92cff5e4cf7cb8cfb70b61cdabd51c22945d529050a51666f677bd9b7e7e87655a006edb4d884510ab7b70e9c07deb8