94d4b2ce684cebf2ef20fc14b78041a257cf50e2197a6ce6bec74f2470590379 | Triage

Resubmissions

04/10/2024, 15:16

241004-snqhja1ejk 7

04/10/2024, 15:04

241004-sfzfga1all 7

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 15:04

Sharing

Report Analysis Logs

General

Target

minecraft.exe
Size

14.0MB
MD5

c472b83a60aa74c29765d96e691da702
SHA1

616cdd8d01bac7c0feb928e51a3ed5b69dae096c
SHA256

94d4b2ce684cebf2ef20fc14b78041a257cf50e2197a6ce6bec74f2470590379
SHA512

1fdfbe354c90574fd48ad8c285a4cd2e99d8d0726fdb61515a132c425f318f472406aafc8e55dcbaa7492ef276cac990bbaff4e97698fdee27b127d1f15440d0
SSDEEP

393216:7ZV2+W80KygpgPYVnNSMF1+TtIiLQSUau504NsIy5HVZ14:7HPW80KygpgPQH1QtI2a50DIaZi

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2356	minecraft.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2356	2444	minecraft.exe	30
PID 2444 wrote to memory of 2356	2444	minecraft.exe	30
PID 2444 wrote to memory of 2356	2444	minecraft.exe	30

C:\Users\Admin\AppData\Local\Temp\minecraft.exe
"C:\Users\Admin\AppData\Local\Temp\minecraft.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Users\Admin\AppData\Local\Temp\minecraft.exe
  "C:\Users\Admin\AppData\Local\Temp\minecraft.exe"
  2⤵
  - Loads dropped DLL
  PID:2356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI24442\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit