Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://minecraft.net...

windows11-21h2-x64

1

Analysis

  • max time kernel
    1794s
  • max time network
    1799s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15-06-2024 15:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://minecraft.net/download

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://minecraft.net/download"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3692
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://minecraft.net/download
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1140
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.0.1728997436\84823986" -parentBuildID 20230214051806 -prefsHandle 1724 -prefMapHandle 1716 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {168e1f9f-a0fd-488f-b318-16e26bfc1e10} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 1816 29d5ac2aa58 gpu
        3⤵
          PID:1940
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.1.675138893\1170641600" -parentBuildID 20230214051806 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {180fa87b-e8f9-4b1a-9f72-1e6f2de55932} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 2360 29d4de89f58 socket
          3⤵
            PID:4952
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.2.1182943668\1536542512" -childID 1 -isForBrowser -prefsHandle 2872 -prefMapHandle 2612 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b449f3b-ab6a-480e-ab0a-750927978d8a} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 3060 29d4de3e858 tab
            3⤵
              PID:4488
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.3.1756440836\599619635" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a8dbbc1-b5d4-4e9a-9591-a5b8193b02a1} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 3632 29d608e5758 tab
              3⤵
                PID:1456
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.4.56443086\1051150487" -childID 3 -isForBrowser -prefsHandle 5096 -prefMapHandle 5088 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e1c9617-392a-41fd-80d6-13115e224ab0} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 5104 29d621f9858 tab
                3⤵
                  PID:3920
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.5.2070007139\1791856474" -childID 4 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82fbad0d-92dc-416b-8209-8b97e7cdb306} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 5180 29d61b54e58 tab
                  3⤵
                    PID:4884
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.6.2635418\1882671146" -childID 5 -isForBrowser -prefsHandle 5468 -prefMapHandle 5464 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d30c079c-6b2a-498d-bbb3-296f8c6a7d73} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 5476 29d61b51258 tab
                    3⤵
                      PID:2100

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  23KB

                  MD5

                  77ff5b76db5a1457236a999c2f61ef29

                  SHA1

                  5295314269f2b0b6c5f64cbcff59778853c367c2

                  SHA256

                  8ea9f495520741d7c20750c81b039f01d554f9d4cfe8c4e3e681b9a453d5c156

                  SHA512

                  c7f2243bc773945ebb581a7e88f0f7d921ad83a558c9d80d1f38c5ba7a5741e0dd1b4896ef341d18eaf7f69c09b2ab91925cc6fea5bbd7dbb66f3ff2e833b84e

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2
                  Filesize

                  16KB

                  MD5

                  20543ba182803be57e7378dc260c2a76

                  SHA1

                  e4000ec494be266330e7dccb468288605ee0575a

                  SHA256

                  e7982881ad3d8179e588dafcc5c437015cfdbb85ddc77a2712e69b2c717ad997

                  SHA512

                  243b781964e34f8658301cbc45697f2d8a48020166877ad94d3c5b4ec60cd706c8fe427f8519d6ded26e561a7bc219327bc6f26a92b65eabd5830b84bb5eb8c4

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  5KB

                  MD5

                  43c2ed9e38f630d10d0736933f3de3a9

                  SHA1

                  ea17c7ea4de0b35f738746851f04e91ef306f5a5

                  SHA256

                  35c6777985aa1539f807430dc472247019c9a7865c23bec282f96e72c5f62724

                  SHA512

                  5c2fce398fe9ec4c8d2cbe4092a549f4a5316fb419679e3ae7b5a5ba31580e1ce063334c2cc9d217260db6698f0b40254d1f041800e855bb8a9c83ce4e3d5cb6

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\bookmarkbackups\bookmarks-2024-06-15_11_QHzClTKVPXbEjZ4dBxgh0A==.jsonlz4
                  Filesize

                  1014B

                  MD5

                  6dc42da886e64e188b3702c0a21910b5

                  SHA1

                  3ecba3d2d41f0a2fbc6816e27d7d73e309aebc4d

                  SHA256

                  e3a69776ea089d1520970ace8e329cf125f4821385e9253dd4533cbbef73d9f1

                  SHA512

                  98b325f84e65e65e53f3fe7beb484a4a07ccbd0ca0826f7a8bd563b251a05ed53a6017b8e8a2ed8658feca37d7264ccc7babc2adea46158e0f1fafecbda20d9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\broadcast-listeners.json
                  Filesize

                  204B

                  MD5

                  72c95709e1a3b27919e13d28bbe8e8a2

                  SHA1

                  00892decbee63d627057730bfc0c6a4f13099ee4

                  SHA256

                  9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                  SHA512

                  613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  bea32b911e94dcb1a236fae17884ac64

                  SHA1

                  a780de93c3b6d9e23e22ae6906b90b8489b6b4ac

                  SHA256

                  2cc4e076aa6c1e4a949e8ae8241b90d089a115b5c0f11160470125027d730565

                  SHA512

                  4b308460a4873f8a09801c363614e996e67c839b91fd724b94c429959ad4373e3567a6452f05e228141b418661533343d5dce0ffe5961a6a4559987a87d0a8ba

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  865d5345bffc1400d457f81ffafba533

                  SHA1

                  e4eda66de667205db61bdb04ef8d29d74ebb679b

                  SHA256

                  73ff5ce64040d5ce2544c1d4854ec4103bd96da194935bb5ad421ad4485b18a5

                  SHA512

                  542db10611acaea07cce5f744295f455c9b3255dec0a9c05a5869db89a0f5fe3e4c64e9a5af8dca68d55c4b13da867dd4f667ec0b23ca7b71cf6d712f22c24cb

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  2ba74026574759b70da9a212a6081b5e

                  SHA1

                  600d40a136eb2c76f75b3ff5b3850ae78cdd5003

                  SHA256

                  b9e8db5babf36aac4fbb6e76e95b2623bb2758f546e1642a8f11129d1d58dcb9

                  SHA512

                  192754de7bc342af2742185d76c794d115b4f8d676a81542a02d4fe827757843d11882797f426c80a3d6d474511cc51e73f88f725f53212f8f3c7d1c13f62231

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  6c1b188e898cfed939211d1e983305ec

                  SHA1

                  30d66b321b6b5ea44f7ff60493d479fa1c9213af

                  SHA256

                  19807d92b108e4360285efd1a3fdb454cc69817f113646ac5f92c539ac5eb9eb

                  SHA512

                  74d7d09b299cf616ea90c708b20be0d466facf3abe8ba883289e36ecd9480bd1d02da7d2028a40086f42af975513fe5519b426e9ca0b70b137ae176e60f94273

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js
                  Filesize

                  8KB

                  MD5

                  f3596cee435ddc59b1870187a3cbc224

                  SHA1

                  d4e1038e3070b0224b452788372894c2e04e4ea9

                  SHA256

                  a4f0230a0344fb51014da2529f47ed7a3f047733ba5c48b326a56b244c9ab794

                  SHA512

                  fb119a17dc72535778021cbf320bb723ffb5e2a72b27fc25529e349e5c714519572115323fef1837b10444609399b0e173a25053f720f9da17e212ebbc331984

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionCheckpoints.json
                  Filesize

                  90B

                  MD5

                  c4ab2ee59ca41b6d6a6ea911f35bdc00

                  SHA1

                  5942cd6505fc8a9daba403b082067e1cdefdfbc4

                  SHA256

                  00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                  SHA512

                  71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1018B

                  MD5

                  ae71f7c91fa9248bc9659db588be6862

                  SHA1

                  b54989c13310426ad1310dc43d8028d29b73a70b

                  SHA256

                  279c8fd2f4e8e58e5fd14c93661ad530371d54394a2c1f7b8778c727d28b97df

                  SHA512

                  9e9c77bf93e8959c5eac1881cdcf67ed7f373dfe4a08e9444fcf5e0ac1d1e146e2d548e07a1ea3660878cad90f59ebebb599a9371f68e7fae79265af8d5ba3d0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  2402e4e30b32bf383969c022392f485d

                  SHA1

                  86619a58b9e595cf31a03ddacd004f5d289da50f

                  SHA256

                  761ff8a9901facd34dc17a21d73375af7924a0480ff3141ab7b8a8e853ee75bc

                  SHA512

                  10f2ac3fdbb7ee11322b32276c68b9b40057e0d8f1ddac860fa8e89956f2729e0929a4773bff2e33b7907c17d1d83221df492243560a3e974c9daa1581fb31c0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\targeting.snapshot.json
                  Filesize

                  4KB

                  MD5

                  2741b140ffc2a8ef860b33a7ce91b87f

                  SHA1

                  138ce030212ca72df8296d08ce7f09ce7f0072ab

                  SHA256

                  90d1e2949a02a3cbe9c2e7246fad831a27698eaecf6b80c2655b215bb1703288

                  SHA512

                  7ecbdc276714a9518966afa33446e4de43c00f308a9ef0b624bc3dc47646384c75f09cf3285c31ff3c9b94f3fa8de4e5fd59fb47bc620d80220e855616dfc606

                  Download Submit