Analysis
max time kernel: 134s
max time network: 127s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 22/02/2024, 20:49
Static task: static1
Behavioral task: behavioral1
  Sample: Minecraft Launcher.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Minecraft Launcher.exe
  Resource: win10v2004-20240221-en
General
Target: Minecraft Launcher.exe
Size: 1.6MB
MD5: 689568710a8ab5c54dcba95acd2e3b53
SHA1: 9739db03da71e8b79b7cecaf8908975d37a26a73
SHA256: 28148908befb0382c4c3f629c1a5f9a4f93b09855968e444de78d95c6dad86a4
SHA512: 701871548f4dd7f3c00f601e0a4c3f9b9cbf28fc6b98a4adedc7f861dd253dbba3dfb91d2edd5d589944fde935c184d0049e4ea7c760feb8e218878d031bf056
SSDEEP: 49152:7NY/oae1UgHrnRAST8XrhaRY0T+nqO4P4dj:q/BWrn3T8hiVT+ne4dj
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid   Process
  2660  javaw.exe
  2660  javaw.exe
  2660  javaw.exe
  2660  javaw.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                 procid_target
  PID 2828 wrote to memory of 2660   2828  Minecraft Launcher.exe  28
  PID 2828 wrote to memory of 2660   2828  Minecraft Launcher.exe  28
  PID 2828 wrote to memory of 2660   2828  Minecraft Launcher.exe  28
  PID 2828 wrote to memory of 2660   2828  Minecraft Launcher.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe"
   PID: 2828
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\Java\jre7\bin\javaw.exe (child of PID 2828)
      Command line: "C:\Program Files\Java\jre7\bin\javaw.exe" -Xms256m -Xmx512m -jar "C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe"
      PID: 2660
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 344B
MD5: d141cc8e71a3351f1aacb88a74b45fa4
SHA1: 323cb27d8b7772b4b928a00706d4efe3b1104f52
SHA256: 2788675e062e1111ead50a9a05971a7c11fe6246a89f571cf9f59ed68c72bb17
SHA512: 315dfcf01f450b907f2cdfc9661db728789ec2440dd6985d914d024bd3c0798e602f7e230e60a8ffee8f39c95de68477d3b4def580a292e263d48bc23babae09