Malware Analysis Report

2025-03-15 08:28

Sample ID 241020-vyh8bazgmg
Target appleskin-fabric-mc1.20.1-2.5.1.jar
SHA256 85e23a429634048a2e9addc808914c1c43083083f5e21f2bf3c39c49e5af38b5
Tags
Score 1/10

Analysis Overview

Score 1/10
SHA256 85e23a429634048a2e9addc808914c1c43083083f5e21f2bf3c39c49e5af38b5

Threat Level: No (potentially) malicious behavior was detected

The file appleskin-fabric-mc1.20.1-2.5.1.jar was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-10-20 17:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-20 17:23
Reported 2024-10-20 17:26
Platform win11-20240802-en
Max time kernel 82s
Max time network 85s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\appleskin-fabric-mc1.20.1-2.5.1.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\appleskin-fabric-mc1.20.1-2.5.1.jar

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country  Destination          Domain                        Proto
GB       104.86.110.96:443                                  tcp
GB       92.123.128.194:443   r.bing.com                    tcp
GB       92.123.128.194:443   r.bing.com                    tcp
GB       92.123.128.194:443   r.bing.com                    tcp
GB       92.123.128.194:443   r.bing.com                    tcp
GB       92.123.128.194:443   r.bing.com                    tcp
GB       92.123.128.194:443   r.bing.com                    tcp
US       8.8.8.8:53           240.221.184.93.in-addr.arpa   udp
US       8.8.8.8:53           95.221.229.192.in-addr.arpa   udp

Files

memory/4720-2-0x000001FC9D290000-0x000001FC9D500000-memory.dmp

memory/4720-11-0x000001FC9B970000-0x000001FC9B971000-memory.dmp

memory/4720-12-0x000001FC9D290000-0x000001FC9D500000-memory.dmp