File name: MinecraftInstaller.exe

Full analysis: https://app.any.run/tasks/5ba2ffbf-b78b-4552-ba05-1c9d664f0d4e
Verdict: Malicious activity
Analysis date: November 23, 2024, 16:03:53
OS: Windows 11 Professional (build: 22000, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: 4F02AC057355B5DC73EA28AECD2D56B4
SHA1: 32591CB75779A3E308A44E75A76F821E7DEE11E0
SHA256: 83A5F942B2A15EAB4826EF1709EC6A7F9637A7EC0FCE16585776848797307FA4
SSDEEP: 196608:seH+E1nHDWOq2jPRuDTHZJlwGorK/h3JRnWIwbK4DMU6Q6owYcEvV:sZwWm0DbjlborGrRWIwGuuowW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the Internet Settings

      • MinecraftInstaller.exe (PID: 5460)
      • WinStore.App.exe (PID: 2616)
    • Reads settings of System Certificates

      • MinecraftInstaller.exe (PID: 5460)
    • Reads security settings of Internet Explorer

      • MinecraftInstaller.exe (PID: 5460)
      • WinStore.App.exe (PID: 2616)
    • Checks Windows Trust Settings

      • WinStore.App.exe (PID: 2616)
  • INFO

    • Checks supported languages

      • MinecraftInstaller.exe (PID: 5460)
      • WinStore.App.exe (PID: 2616)
    • Reads the computer name

      • MinecraftInstaller.exe (PID: 5460)
      • WinStore.App.exe (PID: 2616)
    • Creates files or folders in the user directory

      • MinecraftInstaller.exe (PID: 5460)
    • Disables trace logs

      • MinecraftInstaller.exe (PID: 5460)
    • Checks proxy server information

      • MinecraftInstaller.exe (PID: 5460)
      • WinStore.App.exe (PID: 2616)
    • Reads Environment values

      • MinecraftInstaller.exe (PID: 5460)
      • WinStore.App.exe (PID: 2616)
    • Reads product name

      • MinecraftInstaller.exe (PID: 5460)
      • WinStore.App.exe (PID: 2616)
    • Reads the software policy settings

      • MinecraftInstaller.exe (PID: 5460)
      • WinStore.App.exe (PID: 2616)
    • Reads the machine GUID from the registry

      • MinecraftInstaller.exe (PID: 5460)
      • WinStore.App.exe (PID: 2616)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:05:06 23:39:58+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 48
CodeSize: 33512960
InitializedDataSize: 372736
UninitializedDataSize: -
EntryPoint: 0x1ff7c76
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.17.8892.42599
ProductVersionNumber: 1.17.8892.42599
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: MinecraftInstaller
FileVersion: 1.17.8892.42599
InternalName: MinecraftInstaller.exe
LegalCopyright: Copyright © 2023
LegalTrademarks: -
OriginalFileName: MinecraftInstaller.exe
ProductName: MinecraftInstaller
ProductVersion: 1.17.8892.42599
AssemblyVersion: 1.17.8892.42599
No data.
All screenshots are available in the full report
Total processes: 114
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process nodes shown (interactive graph available in the full report): start, minecraftinstaller.exe, winstore.app.exe

Process information

PID: 2616
CMD: "C:\Program Files\WindowsApps\Microsoft.WindowsStore_22205.1401.13.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
Path: C:\Program Files\WindowsApps\Microsoft.WindowsStore_22205.1401.13.0_x64__8wekyb3d8bbwe\WinStore.App.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Store
Version: 0.0.0.0
Modules (images):
  c:\program files\windowsapps\microsoft.windowsstore_22205.1401.13.0_x64__8wekyb3d8bbwe\winstore.app.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\program files\windowsapps\microsoft.windowsstore_22205.1401.13.0_x64__8wekyb3d8bbwe\winstore.app.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\program files\windowsapps\microsoft.net.native.framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe\sharedlibrary.dll

PID: 5460
CMD: "C:\Users\admin\Desktop\MinecraftInstaller.exe"
Path: C:\Users\admin\Desktop\MinecraftInstaller.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: MinecraftInstaller
Version: 1.17.8892.42599
Modules (images):
  c:\users\admin\desktop\minecraftinstaller.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64base.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64con.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\mscoree.dll
  c:\windows\syswow64\kernel32.dll
Total events: 10 319
Read events: 10 288
Write events: 30
Delete events: 1

Modification events

All of the following registry writes were made by PID 5460 (MinecraftInstaller.exe), operation: write.

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MinecraftInstaller_RASAPI32
  EnableFileTracing: 0
  EnableAutoFileTracing: 0
  EnableConsoleTracing: 0
  FileTracingMask: (no value shown in the report)
  ConsoleTracingMask: (no value shown in the report)
  MaxFileSize: 1048576
  FileDirectory: %windir%\tracing

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MinecraftInstaller_RASMANCS
  EnableFileTracing: 0
  EnableAutoFileTracing: 0
  EnableConsoleTracing: 0
Executable files: 0
Suspicious files: 2
Text files: 1
Unknown types: 0

Dropped files

PID 5460, MinecraftInstaller.exe
  Filename: C:\Users\admin\AppData\Local\MinecraftInstaller\deviceId.txt
  Type: text
  MD5: FE64BD0419533F412218BB080FB54706
  SHA256: 1E9FDC0752A41793E3A787F546858CE02752F762D05B7C1DBE01EB4A831BF6A3

PID 2616, WinStore.App.exe
  Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\perUserCache_0\4d431571-c453-4ccc-8970-ac6b2a372dc0
  Type: binary
  MD5: 18E21BEA6210C325B298FC2142AB7C00
  SHA256: 609C95040BFF7229129F2814C483BAF50046172FCE8A7F0FCFF711BF54C441A8

PID 2616, WinStore.App.exe
  Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\perUserCache_0\index
  Type: binary
  MD5: 820FF4D3068765C4E9BA7082DE6F4E8E
  SHA256: 5A642D4427B35F4AB9A9ED5841A0F0CC0B236DA26CE58EEBD99C9B889E37CEBC
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 36
TCP/UDP connections: 43
DNS requests: 34
Threats: 1

HTTP requests

Columns: PID / Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation ("-" where the report shows no value)

- | GET | 200 | 88.221.110.216:80 | http://www.msftconnecttest.com/connecttest.txt | unknown | - | - | whitelisted
1168 MoUsoCoreWorker.exe | GET | 304 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b88237ced0c9fad6 | unknown | - | - | whitelisted
- | POST | 200 | 95.101.54.123:80 | http://r10.o.lencr.org/ | unknown | - | - | whitelisted
- | POST | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/ | unknown | - | - | whitelisted
- | POST | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/ | unknown | - | - | whitelisted
- | POST | 200 | 95.101.54.123:80 | http://r10.o.lencr.org/ | unknown | - | - | whitelisted
- | HEAD | 200 | 23.35.236.109:443 | https://fs.microsoft.com/fs/windows/config.json | unknown | - | - | -
- | POST | 200 | 95.101.54.123:80 | http://r10.o.lencr.org/ | unknown | - | - | whitelisted
- | POST | 200 | 34.120.208.123:443 | https://incoming.telemetry.mozilla.org/submit/default-browser-agent/default-browser/1/CE44130C-28EC-4802-8445-19877247E9A2 | unknown | - | - | whitelisted
- | GET | 200 | 52.113.194.132:443 | https://ecs.office.com/config/v2/Office/officeclicktorun/16.0.16626.20134/Production/CC?&Clientid=%7b80C2A92B-EDEE-479E-8470-DBC6C547F2FB%7d&Application=officeclicktorun&Platform=win32&Version=16.0.16626.20134&MsoVersion=16.0.16626.20134&ProcessName=officec2rclient.exe&Audience=Production&Build=ship&Architecture=x64&OsVersion=10.0&OsBuild=22000&Channel=CC&InstallType=C2R&SessionId=%7b90761CAA-7363-4A35-A52D-F3D056753652%7d&LabMachine=false | unknown | tss | 79.0 Kb | whitelisted

Connections

Columns: PID / Process | IP | Domain | ASN | CN | Reputation ("-" where the report shows no value)

- | 192.168.100.255:137 | - | - | - | whitelisted
- | 51.104.136.2:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | 52.109.32.97:443 | officeclient.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | GB | whitelisted
- | 34.149.100.209:443 | firefox.settings.services.mozilla.com | GOOGLE | US | whitelisted
- | 34.120.208.123:443 | incoming.telemetry.mozilla.org | GOOGLE-CLOUD-PLATFORM | US | whitelisted
5552 svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
- | 88.221.110.216:80 | - | Akamai International B.V. | DE | unknown
- | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1168 MoUsoCoreWorker.exe | 199.232.214.172:80 | ctldl.windowsupdate.com | FASTLY | US | whitelisted
- | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Columns: Domain | IP(s) | Reputation

officeclient.microsoft.com | 52.109.32.97 | whitelisted
incoming.telemetry.mozilla.org | 34.120.208.123 | whitelisted
firefox.settings.services.mozilla.com | 34.149.100.209 | whitelisted
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | whitelisted
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | whitelisted
google.com | 142.250.184.206 | whitelisted
settings-win.data.microsoft.com | 40.127.240.158 | whitelisted
ctldl.windowsupdate.com | 199.232.214.172, 199.232.210.172, 2.22.50.144, 2.22.50.131 | whitelisted
r10.o.lencr.org | 95.101.54.123, 95.101.54.145, 2.16.202.115, 95.101.54.114, 95.101.54.200, 95.101.54.130 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted

Threats

Columns: PID / Process | Class | Message ("-" where the report shows no value)

- | Misc activity | ET INFO Microsoft Connection Test

No debug info