File name:

Minecraft Team Extreme Launcher CRAZY TEAM.exe

Full analysis: https://app.any.run/tasks/b0de20a9-2d09-4587-9932-613b5f541956
Verdict: Malicious activity
Analysis date: January 11, 2024, 08:59:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5:

046A78D20889A0B96B84646B2E59729F

SHA1:

607ECB749D947D8289FAC8073F2764B94ACF6B98

SHA256:

6DFEADBD0411202222726BAD50F62547246494D82ACB1CB8A2A9448541CF3823

SSDEEP:

49152:ruE0d8462CB8+LtmyvCsuhmvVxdR0I/+zC4ZknGoxnUoButMVzy7mOr4zIioKBJW:CvC1Za+LtmyvZuqVxX0WEgGcnUoButMs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Checks for Java to be installed

      • Minecraft Team Extreme Launcher CRAZY TEAM.exe (PID: 120)

  • INFO

    • Checks supported languages

      • javaw.exe (PID: 128)
      • Minecraft Team Extreme Launcher CRAZY TEAM.exe (PID: 120)

    • Drops the executable file immediately after the start

      • Minecraft Team Extreme Launcher CRAZY TEAM.exe (PID: 120)

    • Reads the machine GUID from the registry

      • javaw.exe (PID: 128)

    • Create files in a temporary directory

      • javaw.exe (PID: 128)

    • Reads the computer name

      • javaw.exe (PID: 128)

    • Creates files in the program directory

      • javaw.exe (PID: 128)

    • Creates files or folders in the user directory

      • javaw.exe (PID: 128)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (41)
.exe | Win64 Executable (generic) (36.3)
.dll | Win32 Dynamic Link Library (generic) (8.6)
.exe | Win32 Executable (generic) (5.9)
.exe | Win16/32 Executable Delphi generic (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:04:04 20:08:41+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.22
CodeSize: 18432
InitializedDataSize: 18432
UninitializedDataSize: 36864
EntryPoint: 0x1290
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 3.5.1.0
ProductVersionNumber: 1.8.1.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Windows NT
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: TeamExtreme
FileDescription: 1.8.1 Minecraft Launcher
FileVersion: 3.5.1
InternalName: Minecraft Launcher
LegalCopyright: TeamExtreme
OriginalFileName: Minecraft Launcher.exe
ProductName: TeamExtreme Minecraft Launcher
ProductVersion: 1.8.1
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start minecraft team extreme launcher crazy team.exe no specs javaw.exe icacls.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
120"C:\Users\admin\AppData\Local\Temp\Minecraft Team Extreme Launcher CRAZY TEAM.exe" C:\Users\admin\AppData\Local\Temp\Minecraft Team Extreme Launcher CRAZY TEAM.exeexplorer.exe
User:
admin
Company:
TeamExtreme
Integrity Level:
MEDIUM
Description:
1.8.1 Minecraft Launcher
Exit code:
0
Version:
3.5.1
Modules
Images
c:\users\admin\appdata\local\temp\minecraft team extreme launcher crazy team.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
128"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -Xms256m -Xmx512m -jar "C:\Users\admin\AppData\Local\Temp\Minecraft Team Extreme Launcher CRAZY TEAM.exe"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe
Minecraft Team Extreme Launcher CRAZY TEAM.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1056C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)MC:\Windows\System32\icacls.exejavaw.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntmarta.dll
Total events
488
Read events
486
Write events
2
Delete events
0

Modification events

(PID) Process:(128) javaw.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
Explorer.EXE
(PID) Process:(128) javaw.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
javaw.exe
Executable files
0
Suspicious files
3
Text files
9
Unknown types
0

Dropped files

PID
Process
Filename
Type
128javaw.exeC:\Users\admin\AppData\Roaming\.minecraft\servers.datbinary
MD5:A0A1E0A23EDA0BF2961BD8E8F7D84C87
SHA256:89C9E9B9DCE117D9B281679023CFBBECF3460BD49B84E2B2F8E35FC72F2C482D
128javaw.exeC:\Users\admin\AppData\Local\Temp\imageio6140911170751535791.tmpimage
MD5:D141CC8E71A3351F1AACB88A74B45FA4
SHA256:2788675E062E1111EAD50A9A05971A7C11FE6246A89F571CF9F59ED68C72BB17
128javaw.exeC:\Users\admin\AppData\Local\Temp\imageio5647223426160618090.tmpimage
MD5:E7E38B97A9FE7E0BB219AAF28BB750B7
SHA256:99EDDE5742D3F824EB8F1EA03CCBDB969A04F94235CAE509644A442F8EBB039E
128javaw.exeC:\Users\admin\AppData\Local\Temp\imageio6601525138145373064.tmpimage
MD5:D141CC8E71A3351F1AACB88A74B45FA4
SHA256:2788675E062E1111EAD50A9A05971A7C11FE6246A89F571CF9F59ED68C72BB17
128javaw.exeC:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c8061.timestamptext
MD5:96DB8693B9A888365B65687296080DD3
SHA256:F6969EBFA269355C5557AB7C7C879192941C03DC5B3062F27F8C2C6C8170C386
128javaw.exeC:\Users\admin\AppData\Local\Temp\imageio6504582321191377880.tmpimage
MD5:91D3708A258E5F789E2AE888CF68F66F
SHA256:0AD2672561C2BA4E86C38702682BD84D720351F3E5C4CA232F0043AAB7FA8B28
128javaw.exeC:\Users\admin\AppData\Roaming\.minecraft\Read Me!.urltext
MD5:FFA157178D9281ED769E695F6225B91D
SHA256:4BAA30A7D1B4A1EB9E74BBD207B78BC35E74205A9B88A66D47F3E86C3B3E5C3C
128javaw.exeC:\Users\admin\AppData\Local\Temp\imageio8507124768866434181.tmpimage
MD5:D141CC8E71A3351F1AACB88A74B45FA4
SHA256:2788675E062E1111EAD50A9A05971A7C11FE6246A89F571CF9F59ED68C72BB17
128javaw.exeC:\Users\admin\AppData\Local\Temp\imageio8748160030543184232.tmpimage
MD5:BAC9FF4091F233B5BA8ADAB478AE9BF0
SHA256:20EEB8C7666BBF0A74F1501FFB73EEE789C3231A8310B801FB161F550DC66425
128javaw.exeC:\Users\admin\AppData\Local\Temp\imageio7910260693566189296.tmpimage
MD5:CB2666EAE03572A523CE8EAD1EB45134
SHA256:7BC1CC5F09034D3CA71B5F23AF0E83A2B681E90F5B986DE3748D555F527251B4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
8
DNS requests
4
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
128
javaw.exe
GET
200
198.54.115.64:80
http://teamextrememc.com/failsafe/url.txt
unknown
text
36 b
unknown
GET
404
198.54.115.64:80
http://teamextrememc.com/failsafe/launcherversion.txt
unknown
html
1.21 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
128
javaw.exe
162.125.66.15:443
dl.dropboxusercontent.com
DROPBOX
DE
malicious
128
javaw.exe
198.54.115.64:80
teamextrememc.com
NAMECHEAP-NET
US
unknown
128
javaw.exe
52.216.153.230:443
s3.amazonaws.com
AMAZON-02
US
unknown

DNS requests

Domain
IP
Reputation
dl.dropboxusercontent.com
  • 162.125.66.15
shared
teamextrememc.com
  • 198.54.115.64
unknown
dl.dropbox.com
  • 162.125.66.15
shared
s3.amazonaws.com
  • 52.216.153.230
  • 52.217.170.168
  • 16.182.65.176
  • 52.216.152.78
  • 52.217.233.232
  • 52.216.50.96
  • 52.216.204.197
  • 52.216.34.224
shared

Threats

PID
Process
Class
Message
128
javaw.exe
Misc activity
ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
128
javaw.exe
Misc activity
ET INFO DropBox User Content Download Access over SSL M2
128
javaw.exe
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 1.8.x Detected
128
javaw.exe
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 1.8.x Detected
128
javaw.exe
Misc activity
ET INFO DropBox User Content Download Access over SSL M2
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Minecraft Team Extreme Launcher CRAZY TEAM.exe