File name: Minecraft.rar
Full analysis: https://app.any.run/tasks/fb004e1e-3afe-4cbf-9f38-f39cc1733dc4
Verdict: Malicious activity
Analysis date: February 25, 2024, 19:52:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 4DACB1462DBC2082A3FE161C07EAF315
SHA1: 533117481C05FDC734380EBE71996035B0B1341D
SHA256: 73CFA213D60F836A01BF7A6F4DB5A3256ABFFB91C7442879E7CC0BE43CBFA26D
SSDEEP: 3072:fFzpdRmLOBm6Kd0KfHiXjItswVr7uDZBFqCs14Fs0LXUrTagGsTVyZOJ:Nzpds6oNCzItXg/XhsKQgEJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 4052)
      • Minecraft.exe (PID: 3848)
  • SUSPICIOUS

    • Checks for Java to be installed

      • Minecraft.exe (PID: 3848)
      • javaw.exe (PID: 2232)
    • Executable content was dropped or overwritten

      • Minecraft.exe (PID: 3848)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4052)
    • Manual execution by a user

      • Minecraft.exe (PID: 3848)
    • Checks supported languages

      • Minecraft.exe (PID: 3848)
      • java.exe (PID: 3948)
      • javaw.exe (PID: 2232)
      • i4jdel0.exe (PID: 3960)
    • Creates files in the program directory

      • java.exe (PID: 3948)
    • Create files in a temporary directory

      • Minecraft.exe (PID: 3848)
      • java.exe (PID: 3948)
      • javaw.exe (PID: 2232)
    • Reads the machine GUID from the registry

      • Minecraft.exe (PID: 3848)
    • Reads the computer name

      • Minecraft.exe (PID: 3848)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 158852
UncompressedSize: 695298
OperatingSystem: Win32
ModifyDate: 2012:08:06 15:03:04
PackingMethod: Normal
ArchivedFileName: Minecraft.exe
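The static section above identifies the sample as a RAR 4.x archive (host OS Win32, packing method Normal) wrapping a single member, Minecraft.exe, last modified 2012-08-06 15:03:04. The following is an added example, not code from ANY.RUN or from the sample: a minimal RAR 4 header walker that lists members, verifies each header CRC and sniffs stored members for a PE (MZ) signature without extracting anything. The archive bytes it runs on are constructed inline to mirror those metadata fields; the member payload is a dummy MZ stub stored uncompressed, so its sizes and hashes are not those of the real Minecraft.exe.

```python
"""RAR 4.x header walker: list members, verify header CRCs, sniff for PE payloads.

Added example for this write-up (not ANY.RUN's or the sample's code). SAMPLE_RAR
is constructed below to mirror the report's static metadata (RAR v4, Win32,
member Minecraft.exe, mtime 2012-08-06 15:03:04); its payload is a dummy MZ stub.
"""
import struct
import zlib
from datetime import datetime

RAR4_MARKER = b"Rar!\x1a\x07\x00"           # the marker block is itself a 7-byte header
MAIN_HEAD, FILE_HEAD, END_HEAD = 0x73, 0x74, 0x7B
LONG_BLOCK = 0x8000                         # ADD_SIZE field present (file headers always set it)
LHD_PASSWORD, LHD_LARGE = 0x0004, 0x0100    # encrypted member; 64-bit size fields present
HOST_OS = {0: "MS-DOS", 1: "OS/2", 2: "Win32", 3: "Unix", 4: "Mac OS", 5: "BeOS"}
METHOD = {0x30: "Store", 0x31: "Fastest", 0x32: "Fast", 0x33: "Normal", 0x34: "Good", 0x35: "Best"}


def head_crc(block: bytes) -> int:
    """RAR4 header CRC: low 16 bits of CRC32 over the header after its own 2-byte CRC field."""
    return zlib.crc32(bytes(block[2:])) & 0xFFFF


def dos_to_datetime(value: int) -> datetime:
    """Decode the packed MS-DOS date/time dword used in FTIME (2-second resolution)."""
    date, time = value >> 16, value & 0xFFFF
    return datetime(1980 + (date >> 9), (date >> 5) & 0xF, date & 0x1F,
                    time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)


def datetime_to_dos(dt: datetime) -> int:
    date = ((dt.year - 1980) << 9) | (dt.month << 5) | dt.day
    time = (dt.hour << 11) | (dt.minute << 5) | (dt.second // 2)
    return (date << 16) | time


def list_rar4(data: bytes) -> list:
    """Walk the header chain and describe each FILE_HEAD member without extracting it."""
    if not data.startswith(RAR4_MARKER):
        raise ValueError("not a RAR 4.x archive (marker missing)")
    members, pos = [], len(RAR4_MARKER)
    while pos + 7 <= len(data):
        crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7 or pos + hsize > len(data):
            raise ValueError(f"bad header size at offset {pos}")
        block = data[pos:pos + hsize]
        if head_crc(block) != crc:
            raise ValueError(f"header CRC mismatch at offset {pos}")
        add_size = 0
        if htype == FILE_HEAD:
            (pack_size, unp_size, host, _file_crc, ftime, _unp_ver, method,
             name_size, _attr) = struct.unpack_from("<IIBIIBBHI", block, 7)
            name_off = 32 + (8 if flags & LHD_LARGE else 0)   # skip HIGH_PACK/UNP_SIZE if present
            name = block[name_off:name_off + name_size].split(b"\x00", 1)[0].decode("utf-8", "replace")
            payload = data[pos + hsize:pos + hsize + pack_size]   # packed data follows the header
            members.append({
                "name": name, "packed": pack_size, "unpacked": unp_size,
                "os": HOST_OS.get(host, f"unknown({host})"),
                "method": METHOD.get(method, hex(method)),
                "mtime": dos_to_datetime(ftime).strftime("%Y-%m-%d %H:%M:%S"),
                "encrypted": bool(flags & LHD_PASSWORD),
                # the MZ sniff is only meaningful for stored members; compressed ones need the decoder
                "pe_magic": method == 0x30 and payload[:2] == b"MZ",
            })
            add_size = pack_size
        elif flags & LONG_BLOCK:
            add_size = struct.unpack_from("<I", block, 7)[0]
        pos += hsize + add_size
        if htype == END_HEAD:
            break
    return members


def build_rar4(name: str, payload: bytes, mtime: datetime) -> bytes:
    """Construct a single-member, stored (method 0x30), Win32-origin RAR4 archive for the demo."""
    def header(htype: int, flags: int, body: bytes) -> bytes:
        block = bytearray(struct.pack("<HBHH", 0, htype, flags, 7 + len(body)) + body)
        struct.pack_into("<H", block, 0, head_crc(block))
        return bytes(block)
    main = header(MAIN_HEAD, 0x0000, struct.pack("<HI", 0, 0))     # HighPosAV, PosAV
    raw = name.encode("utf-8")
    body = struct.pack("<IIBIIBBHI", len(payload), len(payload), 2, zlib.crc32(payload),
                       datetime_to_dos(mtime), 29, 0x30, len(raw), 0x20) + raw
    return RAR4_MARKER + main + header(FILE_HEAD, LONG_BLOCK, body) + payload + header(END_HEAD, 0x4000, b"")


# Constructed sample: a 68-byte dummy MZ stub stands in for the real Minecraft.exe.
SAMPLE_RAR = build_rar4("Minecraft.exe", b"MZ" + b"\x90" * 62 + b"PE\x00\x00",
                        datetime(2012, 8, 6, 15, 3, 4))

if __name__ == "__main__":
    for member in list_rar4(SAMPLE_RAR):
        print(member)
```

Pointed at the real archive (`list_rar4(open("Minecraft.rar", "rb").read())`) the walker should return the member name, sizes and timestamp shown in the EXIF block above; because that member is packed with method Normal rather than Store, the `pe_magic` sniff will not apply to it and the payload would have to be decompressed before inspection.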
All screenshots are available in the full report
Total processes: 45
Monitored processes: 6
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process tree, reconstructed from the parent-process column of the table below ("no specs" is the graph's label for processes with no indicator hits):

explorer.exe
  WinRAR.exe (PID 4052): opens Minecraft.rar and writes Minecraft.exe to the Desktop
  Minecraft.exe (PID 3848): started manually from the Desktop
    java.exe (PID 3948, no specs): java.exe -version, the launcher probing the installed JRE
      icacls.exe (PID 864, no specs): JRE usage-tracker ACL change on .oracle_jre_usage
    javaw.exe (PID 2232, no specs): runs MinecraftSP.jar from the e4j4EA8.tmp_dir extraction directory in %TEMP%
    i4jdel0.exe (PID 3960, no specs): exe4j temp-file cleanup helper

Note that the MALICIOUS verdict rests on a single generic signature, "Drops the executable file immediately after the start"; the remaining hits describe the exe4j launcher wrapper (e4j*.tmp_dir, exe4jlib.jar, i4jdel.exe) unpacking its own JARs into %TEMP% and probing the installed JRE. The report records no network activity, no persistence and no extracted malware configuration, so the verdict alone does not establish that the dropped Minecraft.exe or MinecraftSP.jar is malicious; those files would need separate review.

Process information

PID: 864
CMD: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Path: C:\Windows\System32\icacls.exe
Parent process: java.exe
Note: this ACL change is the Java 8 JRE usage tracker's own behaviour, triggered whenever java.exe runs; it grants Everyone modify rights on %ProgramData%\Oracle\Java\.oracle_jre_usage so that per-user timestamp files can be written there. It is not an action of the sample.
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
PID: 2232
CMD: javaw -Xms512m -Xmx1024m -Dsun.java2d.noddraw=true -Dsun.java2d.d3d=false -Dsun.java2d.opengl=false -Dsun.java2d.pmoffscreen=false -classpath /C:/Users/admin/AppData/Local/Temp/e4j4EA8.tmp_dir/MinecraftSP.jar net.minecraft.LauncherFrame
Path: C:\Program Files\Common Files\Oracle\Java\javapath_target_52116515\javaw.exe
Parent process: Minecraft.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
1
Version:
8.0.2710.9
Modules
Images
c:\program files\common files\oracle\java\javapath_target_52116515\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3848
CMD: "C:\Users\admin\Desktop\Minecraft\Minecraft.exe"
Path: C:\Users\admin\Desktop\Minecraft\Minecraft.exe
Parent process: explorer.exe
User:
admin
Company:
AnjoCaido
Integrity Level:
MEDIUM
Description:
Free launcher for Minecraft Alpha
Exit code:
0
Version:
12.1.2.0
Modules
Images
c:\users\admin\desktop\minecraft\minecraft.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
PID: 3948
CMD: c:\PROGRA~1\java\JRE18~1.0_2\bin\java.exe -version
Path: C:\Program Files\Java\jre1.8.0_271\bin\java.exe
Parent process: Minecraft.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\java.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3960
CMD: C:\Users\admin\AppData\Local\Temp\i4jdel0.exe i4j4741115619402928339.tmp
Path: C:\Users\admin\AppData\Local\Temp\i4jdel0.exe
Parent process: Minecraft.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\i4jdel0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
PID: 4052
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Minecraft.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 4 043
Read events: 4 028
Write events: 15
Delete events: 0

Modification events

PID / Process | Operation | Key | Name | Value
4052 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty)
4052 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty)
4052 WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | LanguageList | en-US
4052 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 3 | C:\Users\admin\Desktop\phacker.zip
4052 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
4052 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
4052 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\Desktop\Minecraft.rar
4052 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
4052 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
4052 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120

All writes listed are WinRAR.exe maintaining its own UI state; none is attributed to Minecraft.exe. ArcHistory entries 1 to 3 (curl-8.5.0_1-win32-mingw.zip, Win7-KB3191566-x86.zip, phacker.zip) are archives opened earlier in the sandbox image, not files produced by this sample; only entry 0 refers to Minecraft.rar.
Executable files: 5
Suspicious files: 0
Text files: 2
Unknown types: 1

Dropped files

PID / Process | Filename | Type
4052 WinRAR.exe | C:\Users\admin\Desktop\Minecraft\Minecraft.exe | executable
    MD5: F5F0647877086B5BF4CA404B91505631
    SHA256: 5F43C9E3EF7D5972A37E2976318C39D18A8D9EA707565A169ECA97F1DC8868D7
3848 Minecraft.exe | C:\Users\admin\AppData\Local\Temp\e4j4EB8.tmp | text
    MD5: 04C435364568AB98120F802C798CFD68
    SHA256: 7A7FE5291BA42E11E8FA94839E219AB65E3B1411244ECDEFA4222CC60A63ED61
3848 Minecraft.exe | C:\Users\admin\AppData\Local\Temp\e4j4EA8.tmp_dir\exe4jlib.jar | java
    MD5: C97D4F24CE40002EBDCBEB9148617E44
    SHA256: 411F86A58A889912D462EAD6BF382547476787AEC915BCC047CE7638608531B9
3948 java.exe | C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c8061.timestamp | text
    MD5: 98D0625D6074FCA0E388867D771E29EF
    SHA256: 612B51EC9F628135BE6F3E9C2500B111A8F0BA4794178AC2349276D425DE8594
3848 Minecraft.exe | C:\Users\admin\AppData\Local\Temp\i4j4741115619402928339.tmp | binary
    MD5: F6AB30270CBAA0C60A17BE06D2F1F7B2
    SHA256: 40CD2EE5185B0D1DF48FF90C20CFF19CC9009E9D05CFD3359A483337B600A3D4
3848 Minecraft.exe | C:\Users\admin\AppData\Local\Temp\e4j4EA8.tmp_dir\MinecraftSP.jar | java
    MD5: 4ECA7879FF514CDD79C290701443EEDD
    SHA256: 3D1DBCA922045D5ECCC744E6F9F6E56FEF73A371A8BC0826E76FB041824073C0
3848 Minecraft.exe | C:\Users\admin\AppData\Local\Temp\e4j4EA8.tmp_dir\i4jdel.exe | executable
    MD5: 24F6D923EF6956ABD0449C879F36D7C7
    SHA256: B8FE41DD005BB309F2ED4B81300CE0FBE4DDFC2A379A5101C11ECE47462D1997
3848 Minecraft.exe | C:\Users\admin\AppData\Local\Temp\i4jdel0.exe | executable
    MD5: 24F6D923EF6956ABD0449C879F36D7C7
    SHA256: B8FE41DD005BB309F2ED4B81300CE0FBE4DDFC2A379A5101C11ECE47462D1997

i4jdel.exe and i4jdel0.exe carry identical hashes: the launcher copies the exe4j cleanup helper out of its extraction directory into %TEMP% before running it (PID 3960). The .timestamp file under .oracle_jre_usage is written by the JRE usage tracker when java.exe runs, not by the sample.
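The process and dropped-files tables above describe one chain: an archiver writes Minecraft.exe to disk, the user runs it, and the exe4j wrapper inside it unpacks JARs into %TEMP%\e4j4EA8.tmp_dir, probes the JRE with java.exe -version, launches javaw.exe with a classpath in Temp, and spawns a copy of its cleanup helper from Temp. The following is an added example, not ANY.RUN's or the sample's code: detection logic for that chain run over constructed process-creation and file-write events built from the two tables. PIDs, image paths and command lines come from the report; the PID of explorer.exe (EXPLORER_PID) is assumed, since the report does not list it, and the archiver name list is an assumption of the example.

```python
"""Detection pass over process-creation and file-write events modelled on the report.

Added example for this write-up, not ANY.RUN's or the sample's code. PIDs, image
paths and command lines are copied from the report; EXPLORER_PID is assumed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str
    cmdline: str
    parent_pid: int
    parent_image: str


@dataclass(frozen=True)
class FileEvent:
    pid: int        # writing process
    image: str      # writing process image
    path: str       # file written


EXPLORER_PID = 1000   # assumed; not present in the report
EXPLORER = r"C:\Windows\explorer.exe"
MC_EXE = r"C:\Users\admin\Desktop\Minecraft\Minecraft.exe"
JAVA = r"C:\Program Files\Java\jre1.8.0_271\bin\java.exe"
TEMP = r"C:\Users\admin\AppData\Local\Temp"

# Constructed from the report's "Process information" table.
PROCS = [
    ProcEvent(4052, r"C:\Program Files\WinRAR\WinRAR.exe",
              r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Minecraft.rar"',
              EXPLORER_PID, EXPLORER),
    ProcEvent(3848, MC_EXE, f'"{MC_EXE}"', EXPLORER_PID, EXPLORER),
    ProcEvent(3948, JAVA, r"c:\PROGRA~1\java\JRE18~1.0_2\bin\java.exe -version", 3848, MC_EXE),
    ProcEvent(864, r"C:\Windows\System32\icacls.exe",
              r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M',
              3948, JAVA),
    ProcEvent(2232, r"C:\Program Files\Common Files\Oracle\Java\javapath_target_52116515\javaw.exe",
              "javaw -Xms512m -Xmx1024m -Dsun.java2d.noddraw=true -Dsun.java2d.d3d=false "
              "-Dsun.java2d.opengl=false -Dsun.java2d.pmoffscreen=false -classpath "
              "/C:/Users/admin/AppData/Local/Temp/e4j4EA8.tmp_dir/MinecraftSP.jar net.minecraft.LauncherFrame",
              3848, MC_EXE),
    ProcEvent(3960, TEMP + r"\i4jdel0.exe", TEMP + r"\i4jdel0.exe i4j4741115619402928339.tmp", 3848, MC_EXE),
]
# Constructed from the report's "Dropped files" table (executables only).
FILES = [
    FileEvent(4052, r"C:\Program Files\WinRAR\WinRAR.exe", MC_EXE),
    FileEvent(3848, MC_EXE, TEMP + r"\e4j4EA8.tmp_dir\i4jdel.exe"),
    FileEvent(3848, MC_EXE, TEMP + r"\i4jdel0.exe"),
]

ARCHIVERS = {"winrar.exe", "7zfm.exe", "7zg.exe", "bandizip.exe"}   # assumed list
JVMS = {"java.exe", "javaw.exe"}
TEMP_RE = re.compile(r"\\appdata\\local\\temp\\", re.I)
CLASSPATH_RE = re.compile(r"(?:-classpath|-cp)\s+(\S+)", re.I)
E4J_RE = re.compile(r"[\\/]e4j[0-9a-f]+\.tmp_dir[\\/]|[\\/]i4jdel\d*\.exe", re.I)
ICACLS_EVERYONE_RE = re.compile(r'/grant\s+"?everyone"?:', re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def winpath(path: str) -> str:
    """Normalise JVM-style '/C:/x/y' paths to lower-case backslash form for matching."""
    return path.replace("/", "\\").lstrip("\\").lower()


def detect(procs, files):
    """Return (rule, pid, detail) triples for the wrapper-launcher chain seen in the report."""
    findings = []
    archiver_drops = {winpath(f.path) for f in files
                      if basename(f.image) in ARCHIVERS and f.path.lower().endswith(".exe")}
    dropped_by = {winpath(f.path): f.pid for f in files}
    for p in procs:
        img = winpath(p.image)
        # 1. Executable extracted by an archiver, then run directly under explorer.exe (manual execution).
        if img in archiver_drops and basename(p.parent_image) == "explorer.exe":
            findings.append(("archiver_drop_then_manual_exec", p.pid, p.image))
        # 2. Parent writes an .exe into the user's Temp directory and spawns it.
        if TEMP_RE.search(img) and dropped_by.get(img) == p.parent_pid:
            findings.append(("parent_dropped_exe_run_from_temp", p.pid, p.image))
        # 3. JVM started with a classpath inside Temp (JARs unpacked at run time).
        if basename(p.image) in JVMS:
            m = CLASSPATH_RE.search(p.cmdline)
            if m and TEMP_RE.search(winpath(m.group(1))):
                findings.append(("jvm_classpath_in_temp", p.pid, m.group(1)))
        # 4. exe4j/install4j wrapper artefacts: e4j*.tmp_dir extraction dir, i4jdel*.exe cleanup helper.
        if E4J_RE.search(p.image) or E4J_RE.search(p.cmdline):
            findings.append(("exe4j_wrapper_artifact", p.pid, basename(p.image)))
        # 5. icacls loosening an ACL for Everyone; the JRE 8 usage tracker does exactly this on
        #    %ProgramData%\Oracle\Java\.oracle_jre_usage whenever java runs, so tag that case as expected.
        if basename(p.image) == "icacls.exe" and ICACLS_EVERYONE_RE.search(p.cmdline):
            rule = ("icacls_everyone_jre_usage_tracker" if ".oracle_jre_usage" in p.cmdline.lower()
                    else "icacls_everyone_grant")
            findings.append((rule, p.pid, p.cmdline))
    return findings


def report_findings():
    return detect(PROCS, FILES)


if __name__ == "__main__":
    for rule, pid, detail in report_findings():
        print(f"{rule:34} PID {pid:<5} {detail}")
```

Rules 1 to 3 are the generic signals (archiver drop plus manual run, self-dropped executable in Temp, JVM classpath in Temp) and would fire on any exe4j-wrapped program, benign or not; rule 4 names the wrapper so an analyst can account for the e4j/i4jdel artefacts, and rule 5 separates the known JRE usage-tracker ACL change from an arbitrary Everyone grant, which is the distinction that matters when triaging the icacls hit in this report.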
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

All three endpoints are Windows background traffic on the sandbox subnet: NetBIOS name-service and datagram broadcasts (UDP 137/138) from the System process and LLMNR multicast (224.0.0.252:5355) from svchost.exe. None originates from the sample's processes (PIDs 3848, 3948, 2232, 3960, 864); the report counts 4 connections against the 3 distinct endpoints listed, and records no DNS queries or HTTP requests.

DNS requests

No data

Threats

No threats detected
No debug info