d49877b56eae195a92a251b8a2323f9271c5d1258c8671d26e03ee44425c0478

Submit
Reports

Overview

overview

Static

static

Minecraft....io.exe

windows11-21h2-x64

Data/Pytho...le.pyc

windows11-21h2-x64

Data/Pytho...y3.pyc

windows11-21h2-x64

Data/Pytho...ig.pyc

windows11-21h2-x64

Data/Pytho...ke.pyc

windows11-21h2-x64

Data/Pytho...cs.pyc

windows11-21h2-x64

Data/Pytho...rs.pyc

windows11-21h2-x64

Data/Pytho...as.pyc

windows11-21h2-x64

Data/Pytho...le.pyc

windows11-21h2-x64

Data/Pytho...me.pyc

windows11-21h2-x64

Data/Pytho...ng.pyc

windows11-21h2-x64

Data/Pytho...on.pyc

windows11-21h2-x64

Data/Pytho...ort.py

windows11-21h2-x64

Data/audio.dll

windows11-21h2-x64

Data/file.dll

windows11-21h2-x64

Data/gmbinaryfile.dll

windows11-21h2-x64

Data/midiinput.dll

windows11-21h2-x64

Data/move.bat

windows11-21h2-x64

Data/wallpaper.bat

windows11-21h2-x64

Data/window.dll

windows11-21h2-x64

DialogModule.dll

windows11-21h2-x64

ExecuteShell.dll

windows11-21h2-x64

FileDropper.dll

windows11-21h2-x64

Minecraft ...io.exe

windows11-21h2-x64

NBS Player Mode.bat

windows11-21h2-x64

NekoPresence.dll

windows11-21h2-x64

ffmpeg.exe

windows11-21h2-x64

ffprobe.exe

windows11-21h2-x64

pygml.dll

windows11-21h2-x64

python38.dll

windows11-21h2-x64

uninstall.exe

windows11-21h2-x64

window_set_icon.dll

windows11-21h2-x64

Analysis

max time kernel
432s
max time network
436s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
01-08-2024 20:53

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Minecraft.Note.Block.Studio.exe

Resource

win11-20240730-en

windows11-21h2-x64

19 signatures

600 seconds

Behavioral task

behavioral2

Sample

Data/Python/Lib/site-packages/numpy/typing/tests/data/pass/simple.pyc

Resource

win11-20240730-en

discovery

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral3

Sample

Data/Python/Lib/site-packages/numpy/typing/tests/data/pass/simple_py3.pyc

Resource

win11-20240730-en

discovery

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral4

Sample

Data/Python/Lib/site-packages/numpy/typing/tests/data/pass/ufunc_config.pyc

Resource

win11-20240730-en

discovery

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral5

Sample

Data/Python/Lib/site-packages/numpy/typing/tests/data/pass/ufunclike.pyc

Resource

win11-20240730-en

discovery

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral6

Sample

Data/Python/Lib/site-packages/numpy/typing/tests/data/pass/ufuncs.pyc

Resource

win11-20240730-en

discovery

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral7

Sample

Data/Python/Lib/site-packages/numpy/typing/tests/data/pass/warnings_and_errors.pyc

Resource

win11-20240730-en

discovery

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral8

Sample

Data/Python/Lib/site-packages/numpy/typing/tests/test_generic_alias.pyc

Resource

win11-20240730-en

discovery

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral9

Sample

Data/Python/Lib/site-packages/numpy/typing/tests/test_isfile.pyc

Resource

win11-20240730-en

discovery

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral10

Sample

Data/Python/Lib/site-packages/numpy/typing/tests/test_runtime.pyc

Resource

win11-20240730-en

discovery

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral11

Sample

Data/Python/Lib/site-packages/numpy/typing/tests/test_typing.pyc

Resource

win11-20240730-en

discovery

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral12

Sample

Data/Python/Lib/site-packages/numpy/version.pyc

Resource

win11-20240730-en

windows11-21h2-x64

3 signatures

600 seconds

Behavioral task

behavioral13

Sample

Data/Python/audio_export.py

Resource

win11-20240730-en

windows11-21h2-x64

3 signatures

600 seconds

Behavioral task

behavioral14

Sample

Data/audio.dll

Resource

win11-20240730-en

discovery

windows11-21h2-x64

3 signatures

600 seconds

Behavioral task

behavioral15

Sample

Data/file.dll

Resource

win11-20240730-en

discovery

windows11-21h2-x64

3 signatures

600 seconds

Behavioral task

behavioral16

Sample

Data/gmbinaryfile.dll

Resource

win11-20240729-en

discovery

windows11-21h2-x64

2 signatures

600 seconds

Behavioral task

behavioral17

Sample

Data/midiinput.dll

Resource

win11-20240730-en

discovery

windows11-21h2-x64

2 signatures

600 seconds

Behavioral task

behavioral18

Sample

Data/move.bat

Resource

win11-20240730-en

windows11-21h2-x64

1 signatures

600 seconds

Behavioral task

behavioral19

Sample

Data/wallpaper.bat

Resource

win11-20240730-en

windows11-21h2-x64

0 signatures

600 seconds

Behavioral task

behavioral20

Sample

Data/window.dll

Resource

win11-20240730-en

discovery

windows11-21h2-x64

3 signatures

600 seconds

Behavioral task

behavioral21

Sample

DialogModule.dll

Resource

win11-20240730-en

discovery

windows11-21h2-x64

2 signatures

600 seconds

Behavioral task

behavioral22

Sample

ExecuteShell.dll

Resource

win11-20240730-en

discovery

windows11-21h2-x64

3 signatures

600 seconds

Behavioral task

behavioral23

Sample

FileDropper.dll

Resource

win11-20240730-en

discovery

windows11-21h2-x64

2 signatures

600 seconds

Behavioral task

behavioral24

Sample

Minecraft Note Block Studio.exe

Resource

win11-20240730-en

discovery

windows11-21h2-x64

7 signatures

600 seconds

Behavioral task

behavioral25

Sample

NBS Player Mode.bat

Resource

win11-20240730-en

discovery

windows11-21h2-x64

6 signatures

600 seconds

Behavioral task

behavioral26

Sample

NekoPresence.dll

Resource

win11-20240730-en

discovery

windows11-21h2-x64

2 signatures

600 seconds

Behavioral task

behavioral27

Sample

ffmpeg.exe

Resource

win11-20240730-en

discovery

windows11-21h2-x64

1 signatures

600 seconds

Behavioral task

behavioral28

Sample

ffprobe.exe

Resource

win11-20240730-en

discovery

windows11-21h2-x64

1 signatures

600 seconds

Behavioral task

behavioral29

Sample

pygml.dll

Resource

win11-20240730-en

discovery

windows11-21h2-x64

3 signatures

600 seconds

Behavioral task

behavioral30

Sample

python38.dll

Resource

win11-20240730-en

discovery

windows11-21h2-x64

3 signatures

600 seconds

Behavioral task

behavioral31

Sample

uninstall.exe

Resource

win11-20240730-en

discovery

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral32

Sample

window_set_icon.dll

Resource

win11-20240730-en

discovery

windows11-21h2-x64

2 signatures

600 seconds

Report Analysis Logs

General

Target

Data/move.bat
Size

37B
MD5

1dc4e793875d58a31b6436c3f532fff6
SHA1

5b5514842c6020cba9a9f4f7468ffd9d03d7b281
SHA256

202070e706ad43ba8b66332c72b3829ac6c885ee08be74bf089f3af270b83efb
SHA512

21e145b911519bf26cd32353fb04c448695efa51a6ff213d511f34ca4b25afd3bcdd06a1d580e5f0cc8c2c692019175975aea25675079757e3eb2849989b2956

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 4168	2896	cmd.exe	82
PID 2896 wrote to memory of 4168	2896	cmd.exe	82

Processes

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Data\move.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Temp\Data\TempDatapack" /s /q /y
  2⤵
  PID:4168

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads