Overview

overview

1

Static

static

1

MinecraftI...er.exe

windows10-2004-x64

1

MinecraftI...er.exe

windows11-21h2-x64

1

Resubmissions

18/06/2024, 07:57

240618-jtd71sthkb 1

01/06/2024, 14:06

240601-rehwnaec6y 1

29/12/2022, 21:46

221229-1mryzaec36 8

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/06/2024, 07:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MinecraftInstaller.exe

  • Size

    31.8MB

  • MD5

    24c96f96660bcedbf8648c8e43c3630c

  • SHA1

    127dbeec1e9a7b8db42704172ba9e9bae0269754

  • SHA256

    2b0e05e169643319074f306153e55f2d839adb0378d6e721c04198233b892bfa

  • SHA512

    ed01d726284b92f0c594db2b4644903109c1f7ec650b6572207d1f1d8fe26e97dd3d89df6296b625023f0c63148b5ae543db21573c60aa487c57414219e3916c

  • SSDEEP

    393216:Ubekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9yt:vZn/G4Gqk1cWe2iTVCMue3T

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: LoadsDriver 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1268
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:644
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="644.0.1019204558\1231858019" -parentBuildID 20230214051806 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f93fb5d6-5ba1-4977-be38-2b3a728a6a9c} 644 "\\.\pipe\gecko-crash-server-pipe.644" 1900 264bee04d58 gpu
        3⤵
          PID:2532
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="644.1.1469818332\1805776072" -parentBuildID 20230214051806 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f75aee75-6b7a-47e8-b6db-07421f6d0570} 644 "\\.\pipe\gecko-crash-server-pipe.644" 2468 264b218ae58 socket
          3⤵
          • Checks processor information in registry
          PID:736
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="644.2.1934792033\98449572" -childID 1 -isForBrowser -prefsHandle 1292 -prefMapHandle 2772 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1072 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78209562-c8e1-413e-a418-23c3a51a6881} 644 "\\.\pipe\gecko-crash-server-pipe.644" 3076 264c1cf5058 tab
          3⤵
            PID:3076
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="644.3.738120260\1050929707" -childID 2 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1072 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df5e5882-6586-4b09-8552-d033c1c019fc} 644 "\\.\pipe\gecko-crash-server-pipe.644" 3960 264c39e0e58 tab
            3⤵
              PID:5072
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="644.4.683086753\2050976766" -childID 3 -isForBrowser -prefsHandle 4904 -prefMapHandle 5044 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1072 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ace1f3-2e02-4ddc-8a54-b4588f0d5337} 644 "\\.\pipe\gecko-crash-server-pipe.644" 4860 264c5c53858 tab
              3⤵
                PID:3684
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="644.5.39332575\1755178336" -childID 4 -isForBrowser -prefsHandle 5184 -prefMapHandle 5192 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1072 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5905b190-48d8-4ce4-984d-86cc3500feb3} 644 "\\.\pipe\gecko-crash-server-pipe.644" 5176 264c5c52058 tab
                3⤵
                  PID:844
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="644.6.710590610\893074755" -childID 5 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1072 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad7ff61f-c2b6-404e-81b5-abe762cdcc3f} 644 "\\.\pipe\gecko-crash-server-pipe.644" 5360 264c5c52c58 tab
                  3⤵
                    PID:3436

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp
                Filesize

                23KB

                MD5

                bad63ffc7fa697a3f5cc512d6ed4d68b

                SHA1

                97b9dda252e0fdf96f1ac12172069e735dc0a809

                SHA256

                c9a586eb1a3a10f43b5b70d440a6f7ed1346605cf9e780ef78f7e526b091fd35

                SHA512

                88af5fd2f0d001ed34194b50b6927d50449468476d82a4aa5586a6f50ce938b4a8043bd7617027ca9c6a3079a6ac28a76dd41cac2b4dc9ba9072f3abf4287a5b

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js
                Filesize

                7KB

                MD5

                e10823b0213e3e2aa28f55728d035369

                SHA1

                9477bbf81d72b06166ea92830d53d25e2e837731

                SHA256

                92fb6190d967e0afa2a7cf7ae352e1f66ab815e3a50bd39802238b8203939050

                SHA512

                a8ced2c06b9b01602a83ef15fc05d1841f296436f38448574c4b272fc180aab57b201828e204eddc60334c64d02c6ff9f3c843892d9f8c3864ec593dd168cedc

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4
                Filesize

                1KB

                MD5

                76be2e0a064848bb23ff88885013e6b6

                SHA1

                640c4850358b05c17956f4f82120d40c0336982d

                SHA256

                feffdd538334bd4e7f152d2ef430b3392d153ebeb793e466c70dc423c0094573

                SHA512

                319b430eedb08d02bb79cf1ddb81dbd6cca1fa94bfd38c88861976532ee82cef5f34d13e2dc329761eaeecaaee0e5db8dd75377d5d1b20ef6e9637f2a1465b12

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore.jsonlz4
                Filesize

                1003B

                MD5

                7e7bb2f16f6019a5b4b41467ab1ebfda

                SHA1

                2c5dd488f01ea7a6d25d290ef2d40060b831415c

                SHA256

                51ef839bab0910d0706d420a86efe58db15d79175393943a7dacb6dca4501cbf

                SHA512

                943c1c61993a0505fdf5be2fd1c7983a03e31ce5012cfe1311d5dc97c0dbfbdfc246e066571f2a8149b239c5ada9008b5fd2daa2c048fcf64257edaffeef4893

                Download Submit

              • memory/1268-11-0x000000000B450000-0x000000000B45A000-memory.dmp

                Filesize

                40KB

                Download

              • memory/1268-14-0x0000000074E60000-0x0000000075610000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/1268-7-0x000000000AB00000-0x000000000AB08000-memory.dmp

                Filesize

                32KB

                Download

              • memory/1268-8-0x0000000074E60000-0x0000000075610000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/1268-9-0x000000000B3E0000-0x000000000B418000-memory.dmp

                Filesize

                224KB

                Download

              • memory/1268-10-0x000000000ABA0000-0x000000000ABAE000-memory.dmp

                Filesize

                56KB

                Download

              • memory/1268-0-0x0000000074E6E000-0x0000000074E6F000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1268-12-0x000000000B4A0000-0x000000000B4C6000-memory.dmp

                Filesize

                152KB

                Download

              • memory/1268-13-0x0000000074E6E000-0x0000000074E6F000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1268-6-0x0000000074E60000-0x0000000075610000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/1268-15-0x0000000074E60000-0x0000000075610000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/1268-16-0x0000000074E60000-0x0000000075610000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/1268-18-0x0000000074E60000-0x0000000075610000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/1268-5-0x0000000008350000-0x0000000008358000-memory.dmp

                Filesize

                32KB

                Download

              • memory/1268-4-0x0000000074E60000-0x0000000075610000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/1268-2-0x0000000007700000-0x00000000078C2000-memory.dmp

                Filesize

                1.8MB

                Download

              • memory/1268-1-0x00000000009D0000-0x000000000299A000-memory.dmp

                Filesize

                31.8MB

                Download