Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 19-06-2024 11:15
Behavioral tasks
- behavioral1 | Sample: mig/dist/Minecraft code gen/_internal/charset_normalizer/md.cp312-win_amd64.dll | Resource: win7-20240221-en
- behavioral2 | Sample: mig/dist/Minecraft code gen/_internal/charset_normalizer/md.cp312-win_amd64.dll | Resource: win10v2004-20240508-en
- behavioral3 | Sample: mig/dist/Minecraft code gen/_internal/charset_normalizer/md__mypyc.cp312-win_amd64.dll | Resource: win7-20240508-en
- behavioral4 | Sample: mig/dist/Minecraft code gen/_internal/charset_normalizer/md__mypyc.cp312-win_amd64.dll | Resource: win10v2004-20240508-en
- behavioral5 | Sample: mig/dist/Minecraft code gen/_internal/libcrypto-3.dll | Resource: win7-20231129-en
- behavioral6 | Sample: mig/dist/Minecraft code gen/_internal/libcrypto-3.dll | Resource: win10v2004-20240611-en
- behavioral7 | Sample: mig/dist/Minecraft code gen/_internal/libffi-8.dll | Resource: win7-20240611-en
- behavioral8 | Sample: mig/dist/Minecraft code gen/_internal/libffi-8.dll | Resource: win10v2004-20240611-en
- behavioral9 | Sample: mig/dist/Minecraft code gen/_internal/libssl-3.dll | Resource: win7-20240508-en
- behavioral10 | Sample: mig/dist/Minecraft code gen/_internal/libssl-3.dll | Resource: win10v2004-20240508-en
- behavioral11 | Sample: mig/dist/Minecraft code gen/_internal/pyexpat.dll | Resource: win7-20240611-en
- behavioral12 | Sample: mig/dist/Minecraft code gen/_internal/pyexpat.dll | Resource: win10v2004-20240508-en
- behavioral13 | Sample: mig/dist/Minecraft code gen/_internal/python312.dll | Resource: win7-20231129-en
- behavioral14 | Sample: mig/dist/Minecraft code gen/_internal/python312.dll | Resource: win10v2004-20240611-en
- behavioral15 | Sample: mig/dist/Minecraft code gen/_internal/select.dll | Resource: win7-20240508-en
- behavioral16 | Sample: mig/dist/Minecraft code gen/_internal/select.dll | Resource: win10v2004-20240508-en
- behavioral17 | Sample: mig/dist/Minecraft code gen/_internal/tcl/auto.vbs | Resource: win7-20240611-en
- behavioral18 | Sample: mig/dist/Minecraft code gen/_internal/tcl/auto.vbs | Resource: win10v2004-20240508-en
- behavioral19 | Sample: mig/dist/Minecraft code gen/_internal/tcl/clock.vbs | Resource: win7-20240221-en
- behavioral20 | Sample: mig/dist/Minecraft code gen/_internal/tcl/clock.vbs | Resource: win10v2004-20240226-en
- behavioral21 | Sample: mig/dist/Minecraft code gen/_internal/tcl/http1.0/http.ps1 | Resource: win7-20231129-en
- behavioral22 | Sample: mig/dist/Minecraft code gen/_internal/tcl/http1.0/http.ps1 | Resource: win10v2004-20240508-en
- behavioral23 | Sample: mig/dist/Minecraft code gen/_internal/tcl/init.vbs | Resource: win7-20240611-en
- behavioral24 | Sample: mig/dist/Minecraft code gen/_internal/tcl/init.vbs | Resource: win10v2004-20240508-en
- behavioral25 | Sample: mig/dist/Minecraft code gen/_internal/tk/listbox.vbs | Resource: win7-20240419-en
- behavioral26 | Sample: mig/dist/Minecraft code gen/_internal/tk/listbox.vbs | Resource: win10v2004-20240508-en
- behavioral27 | Sample: mig/dist/Minecraft code gen/_internal/tk/megawidget.vbs | Resource: win7-20240221-en
- behavioral28 | Sample: mig/dist/Minecraft code gen/_internal/tk/megawidget.vbs | Resource: win10v2004-20240611-en
- behavioral29 | Sample: mig/dist/Minecraft code gen/_internal/tk/menu.vbs | Resource: win7-20240611-en
- behavioral30 | Sample: mig/dist/Minecraft code gen/_internal/tk/menu.vbs | Resource: win10v2004-20240508-en
- behavioral31 | Sample: mig/dist/Minecraft code gen/_internal/tk/mkpsenc.ps1 | Resource: win7-20240508-en
- behavioral32 | Sample: mig/dist/Minecraft code gen/_internal/tk/mkpsenc.ps1 | Resource: win10v2004-20240226-en
General
- Target: mig/dist/Minecraft code gen/_internal/tcl/http1.0/http.ps1
- Size: 9KB
- MD5: c2092f8ca2d761dfa8c461076d956374
- SHA1: 90b4648b3bc81c30465b0be83a5db4127a1392fb
- SHA256: 8c474095a3aba7df5b488f3d35240d6de729e57153980c2a898728b8c407a727
- SHA512: 09ce408886e2ceaddf70786a15d63af9a930e70cac4286ac9ddd2094c8edcf97a2adc2d3d2659b123f88719340d3b00d9f96e9bc7c8b55192735c290e7d24683
- SSDEEP: 192:kipkqA3KsZMAikGJ4kIWPa95KTBoF7dg/8YNkgQ4id:TkqWKsZ8kGJ4kIWPaDFzTd
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  Processes: powershell.exe
  pid: 2168, process: powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: powershell.exe
  description: Token: SeDebugPrivilege, pid: 2168, process: powershell.exe
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\mig\dist\Minecraft code gen\_internal\tcl\http1.0\http.ps1"
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID: 2168