36762fcc3d91fac0d2ca0fd463bc661a8fb70f3f333864b02ded85bbb0c0317e

Analysis

max time kernel
30s
max time network
31s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Minecraft Launcher.exe
Size

4.4MB
MD5

fd5ec0faf545ed3238ac8aaf6b1857fd
SHA1

2ab91e96d0297b410b41172a5f686f28a1eebc4f
SHA256

36762fcc3d91fac0d2ca0fd463bc661a8fb70f3f333864b02ded85bbb0c0317e
SHA512

9fd65e602f733ae22cc6e50ece8e8a6c6dc7fc694ebc96d6d0bf682d79c7e3c05186782ba9a8c39f6900202dd18c663f71fbfdd401ff49771caf5be2ff3e9bf1
SSDEEP

98304:pdSv4EWhP2ncbEZIXe02iI+5BcuLwGMs/jVjNV4:pEqhP2nczO02iI+ZLwts/JjNu

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1456	icacls.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4136	javaw.exe
4136	javaw.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 4136	1976	Minecraft Launcher.exe	85
PID 1976 wrote to memory of 4136	1976	Minecraft Launcher.exe	85
PID 4136 wrote to memory of 1456	4136	javaw.exe	87
PID 4136 wrote to memory of 1456	4136	javaw.exe	87

C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xms256m -Xmx512m -jar "C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4136
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:1456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
3ec418a8d83f0ae8f220674b653dc4cf

SHA1
44a0c2f9c0a6b3eb4647b63c370cee4b380566d2

SHA256
b17b477964096ca4bea1a329181ca43f27bffc5bd5ff1a606eedc226214176eb

SHA512
6307fa1f5329ff7882b7b795e9680714c4e1c27d3cfc25ac88bb50c190c88fc9769a24b7e802454411265622aa59bbbb643bf8d706d1d2a20e39baff185036de

Download Submit
memory/1976-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4136-27-0x000001D8BE810000-0x000001D8BE811000-memory.dmp

Filesize
4KB

Download
memory/4136-12-0x000001D8BE810000-0x000001D8BE811000-memory.dmp

Filesize
4KB

Download
memory/4136-19-0x000001D8C00E0000-0x000001D8C10E0000-memory.dmp

Filesize
16.0MB

Download
memory/4136-23-0x000001D8C00E0000-0x000001D8C10E0000-memory.dmp

Filesize
16.0MB

Download
memory/4136-7-0x000001D8C00E0000-0x000001D8C10E0000-memory.dmp

Filesize
16.0MB

Download
memory/4136-30-0x000001D8C00E0000-0x000001D8C10E0000-memory.dmp

Filesize
16.0MB

Download
memory/4136-31-0x000001D8BE810000-0x000001D8BE811000-memory.dmp

Filesize
4KB

Download
memory/4136-35-0x000001D8C00E0000-0x000001D8C10E0000-memory.dmp

Filesize
16.0MB

Download
memory/4136-39-0x000001D8C00E0000-0x000001D8C10E0000-memory.dmp

Filesize
16.0MB

Download
memory/4136-40-0x000001D8BE810000-0x000001D8BE811000-memory.dmp

Filesize
4KB

Download
memory/4136-46-0x000001D8BE810000-0x000001D8BE811000-memory.dmp

Filesize
4KB

Download