83a5f942b2a15eab4826ef1709ec6a7f9637a7ec0fce16585776848797307fa4 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

MinecraftI...er.exe

windows7-x64

3

MinecraftI...er.exe

windows10-2004-x64

7

Sharing

General

Target

MinecraftInstaller.exe
Size

32.3MB
Sample

241217-qkw5ssznfw
MD5

4f02ac057355b5dc73ea28aecd2d56b4
SHA1

32591cb75779a3e308a44e75a76f821e7dee11e0
SHA256

83a5f942b2a15eab4826ef1709ec6a7f9637a7ec0fce16585776848797307fa4
SHA512

9eb08f85559df6af9192bec8904097d4e43a832ba9e9cc1c7be1a366af8d103c3a6db3886f00927ae5eb62055fbc770c7b5a3d2a122a0b460b51136083015368
SSDEEP

393216:nbekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9ye:6Zn/G4Gqk1cWe2iTVCMue3E

Score

7^/10

microsoft discovery persistence phishing privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

MinecraftInstaller.exe

Resource

win7-20240903-en

windows7-x64

9 signatures

1800 seconds

Behavioral task

behavioral2

Sample

MinecraftInstaller.exe

Resource

win10v2004-20241007-en

microsoft discovery persistence phishing privilege_escalation

windows10-2004-x64

24 signatures

1800 seconds

Malware Config

Targets

- Target
  
  MinecraftInstaller.exe
- Size
  
  32.3MB
- MD5
  
  4f02ac057355b5dc73ea28aecd2d56b4
- SHA1
  
  32591cb75779a3e308a44e75a76f821e7dee11e0
- SHA256
  
  83a5f942b2a15eab4826ef1709ec6a7f9637a7ec0fce16585776848797307fa4
- SHA512
  
  9eb08f85559df6af9192bec8904097d4e43a832ba9e9cc1c7be1a366af8d103c3a6db3886f00927ae5eb62055fbc770c7b5a3d2a122a0b460b51136083015368
- SSDEEP
  
  393216:nbekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9ye:6Zn/G4Gqk1cWe2iTVCMue3E
Score

7^/10

discovery microsoft persistence phishing privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

microsoftdiscoverypersistencephishingprivilege_escalation

© 2018-2024

Terms | Privacy