Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
28-05-2024 11:45
General
-
Target
minecraft.exe
-
Size
5.2MB
-
MD5
3d3c959b661b213565354e7df3762e40
-
SHA1
13425f918c41e76cc0ed5af220b2fe6c64c437d1
-
SHA256
cee36fb9b19f3b8478c8935e17a2a3705cec8d446b9d71156ebc51398f12cfe3
-
SHA512
0afa3ed955e0185732473f11d63b542aa1ab3d13f73e7d6d1049a55c91a84737c1390071206664dbc1f4ad9931170becb11aded999f5d4093c314487e7a544c4
-
SSDEEP
98304:bn0KIDTGpzoLLJ3TbwaVvrZE0I7yoFQK15W8ASLmbNYJERw1jrTHD1D+NBYK:bnXIm9onJ5hrZEnyiU8AdZYJERurT0vY
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 21 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 48 IoCs
-
Suspicious use of SendNotifyMessage 47 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\minecraft.exe"C:\Users\Admin\AppData\Local\Temp\minecraft.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\minecraft.exe"C:\Users\Admin\AppData\Local\Temp\minecraft.exe"2⤵
- Loads dropped DLL
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_MEI28962\python39.dllFilesize
4.3MB
MD511c051f93c922d6b6b4829772f27a5be
SHA142fbdf3403a4bc3d46d348ca37a9f835e073d440
SHA2560eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c
SHA5121cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6
-
memory/1988-23-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB