Analysis
- max time kernel: 143s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/02/2024, 20:49
Static task: static1
Behavioral task: behavioral1
- Sample: Minecraft Launcher.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: Minecraft Launcher.exe
- Resource: win10v2004-20240221-en
General
- Target: Minecraft Launcher.exe
- Size: 1.6MB
- MD5: 689568710a8ab5c54dcba95acd2e3b53
- SHA1: 9739db03da71e8b79b7cecaf8908975d37a26a73
- SHA256: 28148908befb0382c4c3f629c1a5f9a4f93b09855968e444de78d95c6dad86a4
- SHA512: 701871548f4dd7f3c00f601e0a4c3f9b9cbf28fc6b98a4adedc7f861dd253dbba3dfb91d2edd5d589944fde935c184d0049e4ea7c760feb8e218878d031bf056
- SSDEEP: 49152:7NY/oae1UgHrnRAST8XrhaRY0T+nqO4P4dj:q/BWrn3T8hiVT+ne4dj
Malware Config
Signatures
- Modifies file permissions (1 TTP, 1 IoC)
  pid 1144  icacls.exe
  The command (see Processes) is icacls C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M: Everyone receives Modify, and the (OI)(CI) flags make the entry inherit to every file and subdirectory later created there. This is the grant Oracle's JRE 8 usage tracker applies to its own directory on first run, so it appears under any Java 8 application; the effect, a world-writable directory under ProgramData, is the same whoever triggers it.
- Drops file in Program Files directory (12 IoCs)
  Files opened for modification by javaw.exe (PID 1400). All twelve are jvm.pdb and ntdll.pdb in the debugger's default symbol search locations relative to javaw.exe (the module directory, dll\ and symbols\dll\, under both bin\ and bin\server\):
    C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb
    C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb
    C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb
    C:\Program Files\Java\jre-1.8\bin\ntdll.pdb
    C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb
    C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb
    C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb
    C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb
    C:\Program Files\Java\jre-1.8\bin\jvm.pdb
    C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb
    C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb
    C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb
  These are symbol-file probes by the JVM itself; the rows record opens, not files created, and nothing outside the JRE's own directory is touched.
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                 procid_target
  PID 5112 wrote to memory of 1400   5112  Minecraft Launcher.exe  86
  PID 5112 wrote to memory of 1400   5112  Minecraft Launcher.exe  86
  PID 1400 wrote to memory of 1144   1400  javaw.exe               87
  PID 1400 wrote to memory of 1144   1400  javaw.exe               87
  Both targets are the writer's own child at the moment it is created (5112 -> 1400 javaw.exe, 1400 -> 1144 icacls.exe). Process creation itself writes into the new process, so in this trace the signature documents the spawn chain, not injection into a foreign process.
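To separate what these three signatures actually show, the Python below (an added example, not tooling from the sandbox or code from the sample) re-creates the report's process list and WriteProcessMemory pairs as constructed events, adds one constructed cross-process write to an unrelated PID (9999) for contrast, parses the icacls grant to report principal, rights and inheritance, and classifies each memory write as parent-to-child or cross-process. The principal and rights tables are this example's own choices.

```python
"""Triage of the report's signatures: an icacls grant and WriteProcessMemory pairs.
Added example; PROCESSES and WPM_EVENTS are constructed from the report, plus one
invented cross-process write (5112 -> 9999) for contrast."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed from the report's process tree (5112 -> 1400 -> 1144).
PROCESSES = [
    Proc(5112, None, r"C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe"'),
    Proc(1400, 5112, r"C:\Program Files\Java\jre-1.8\bin\javaw.exe",
         r'"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xms256m -Xmx512m '
         r'-jar "C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe"'),
    Proc(1144, 1400, r"C:\Windows\system32\icacls.exe",
         r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage '
         r'/grant "everyone":(OI)(CI)M'),
]

# (writer pid, target pid): the four rows from the report, then one constructed
# write to PID 9999, which is not in the tree, to exercise the other branch.
WPM_EVENTS = [(5112, 1400), (5112, 1400), (1400, 1144), (1400, 1144), (5112, 9999)]

# Principals whose grant makes a path writable by any local user (example's own list).
BROAD_PRINCIPALS = {"everyone", "users", "authenticated users", "builtin\\users",
                    "*s-1-1-0", "*s-1-5-11", "*s-1-5-32-545"}
# icacls simple and specific rights that allow writing data or changing the ACL/owner.
WRITE_RIGHTS = {"F", "M", "W", "GA", "GW", "WD", "AD", "WDAC", "WO"}


def split_windows_cmdline(cmd: str) -> list[str]:
    """Split on whitespace outside double quotes and drop the quotes."""
    args, cur, quoted = [], [], False
    for ch in cmd:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def icacls_broad_grants(cmdline: str) -> list[dict]:
    """Return /grant entries that give a broad principal write-capable rights.
    'inherits' is True when (OI) or (CI) is present, i.e. future children inherit."""
    args = split_windows_cmdline(cmdline)
    if len(args) < 2 or args[0].lower().rsplit("\\", 1)[-1] != "icacls.exe":
        return []
    found = []
    for i, arg in enumerate(args):
        if not (arg.lower().startswith("/grant") and i + 1 < len(args)):
            continue
        m = re.fullmatch(r"(?P<who>.+?):(?P<perm>.+)", args[i + 1])
        if not m:
            continue
        who, perm = m["who"].lower(), m["perm"]
        groups = [f for g in re.findall(r"\(([A-Z,]+)\)", perm) for f in g.split(",")]
        simple = re.sub(r"\([A-Z,]+\)", "", perm)  # trailing simple right such as M
        rights = set(groups) | (set(simple.split(",")) if simple else set())
        if who in BROAD_PRINCIPALS and rights & WRITE_RIGHTS:
            found.append({"path": args[1], "principal": who,
                          "rights": sorted(rights & WRITE_RIGHTS),
                          "inherits": bool({"OI", "CI"} & rights)})
    return found


def classify_wpm(processes: list[Proc], events) -> dict[str, list[tuple[int, int]]]:
    """Parent-to-child writes are what process creation itself produces;
    anything else is a cross-process write that deserves a look."""
    parent_of = {p.pid: p.ppid for p in processes}
    out = {"parent_to_child": [], "cross_process": []}
    for writer, target in events:
        key = "parent_to_child" if parent_of.get(target) == writer else "cross_process"
        out[key].append((writer, target))
    return out


def triage(processes=PROCESSES, events=WPM_EVENTS) -> dict:
    grants = [{**g, "pid": p.pid} for p in processes for g in icacls_broad_grants(p.cmdline)]
    return {"broad_grants": grants, "wpm": classify_wpm(processes, events)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

On the report's events the only cross-process hit is the constructed 5112 -> 9999 pair; the four real rows all classify as parent-to-child, and the single grant is Everyone:M with inheritance on the .oracle_jre_usage directory.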
Processes
1. C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe"
   PID 5112
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\Java\jre-1.8\bin\javaw.exe
      command line: "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xms256m -Xmx512m -jar "C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe"
      PID 1400
      - Drops file in Program Files directory
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\system32\icacls.exe
         command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
         PID 1144
         - Modifies file permissions

The launcher passes its own executable to javaw.exe as the -jar argument. That works because a JAR is a ZIP archive and ZIP readers locate the central directory from the end of the file, so an archive appended to a PE stub is read as a valid JAR while the file still runs as a Windows executable. The tree is therefore the stub starting the system JRE (heap pinned at -Xms256m -Xmx512m) on the JAR carried inside the same file; the Java code that actually runs is in that archive, not in the PE sections a PE-only parser would show.
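The -jar line is the reason to ask whether the .exe is itself a JAR. The Python below is an added example (not part of the report, the sandbox, or the sample): it constructs a stand-in file in memory, an MZ stub with a small archive appended (the entry names and the Main-Class `launcher.Main` are hypothetical), then shows how a ZIP reader finds the archive from the end-of-central-directory record regardless of what precedes it, which is exactly why javaw.exe can load the launcher from its own PE file. To triage the real sample, pass its bytes to inspect_file in place of the constructed ones.

```python
"""Is this PE also a loadable JAR? Added example; the sample is constructed in
memory (MZ magic plus padding, then a tiny JAR), not the analysed file."""
from __future__ import annotations

import io
import struct
import zipfile
from typing import Optional

EOCD_SIG = b"PK\x05\x06"
# signature, disk no, cd start disk, entries on disk, total entries, cd size, cd offset, comment len
EOCD_FMT = "<4sHHHHIIH"
MAX_COMMENT = 0xFFFF


def build_constructed_sample(stub_len: int = 512) -> bytes:
    """Stand-in PE stub (only the MZ magic is real) with a minimal JAR appended.
    'launcher.Main' and the class entry are hypothetical names for this example."""
    stub = b"MZ" + b"\x00" * (stub_len - 2)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: launcher.Main\r\n\r\n")
        zf.writestr("launcher/Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 28)  # magic only
    return stub + buf.getvalue()


def find_embedded_zip_start(data: bytes) -> Optional[int]:
    """Scan backwards from EOF for the end-of-central-directory record (what every
    ZIP reader, the JVM's included, does) and derive where the archive begins.
    A non-zero result means some prefix, here the PE stub, precedes the archive."""
    tail_start = max(0, len(data) - (struct.calcsize(EOCD_FMT) + MAX_COMMENT))
    pos = data.rfind(EOCD_SIG, tail_start)
    if pos < 0:
        return None
    _sig, _disk, _cd_disk, _n_disk, _n_total, cd_size, cd_offset, _clen = \
        struct.unpack_from(EOCD_FMT, data, pos)
    start = pos - cd_size - cd_offset
    return start if start >= 0 else None


def inspect_file(data: bytes) -> dict:
    """Report whether the bytes look like a PE, whether a ZIP is present, where the
    ZIP starts, its entries, and the manifest's Main-Class if there is one."""
    info = {"looks_like_pe": data[:2] == b"MZ", "zip_start": None,
            "entries": [], "main_class": None, "pe_jar_polyglot": False}
    info["zip_start"] = find_embedded_zip_start(data)
    if info["zip_start"] is None:
        return info
    # zipfile applies the same prefix arithmetic, so the whole buffer can be opened as-is.
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        info["entries"] = zf.namelist()
        if "META-INF/MANIFEST.MF" in info["entries"]:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in manifest.splitlines():
                if line.lower().startswith("main-class:"):
                    info["main_class"] = line.split(":", 1)[1].strip()
    info["pe_jar_polyglot"] = info["looks_like_pe"] and info["zip_start"] > 0
    return info


if __name__ == "__main__":
    print(inspect_file(build_constructed_sample()))
```

A PE-only parser sees the stub and stops; the archive's local headers and central directory sit after it, which is why static tooling that only walks PE sections shows nothing of the Java code while `javaw -jar` runs it.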
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
  MD5: f32df0c4e54c588304997d449a783ffd
  SHA1: f23155799d908e85f296868067ac556e715f8d28
  SHA256: 37941c33139ca3a299700de330f001e4f7aa49ecd5f1be90b417338ac683fbf1
  SHA512: 8efbc22b358b28cfc6b55440e7cbee1fd1c1a01f13b4b394e8305b29ab74bff4d9a52f7b8cf11378f438589fdecbfd2decfeab3b37e0c0587d8c750fb0f2b8cb