File name: Mineshafter-launcher.jar

Full analysis: https://app.any.run/tasks/52095576-e84f-4c6c-8750-153e08c060b8
Verdict: Malicious activity
Analysis date: July 25, 2020, 15:59:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/java-archive
File info: Java archive data (JAR)
MD5: F6CD55DE2534393363E1A40E04D71156
SHA1: 7A8D89DD5548D6BDF8DE77E198AD518300C560CF
SHA256: C03140A4216BD64EE1BF7D5E7416973F1E3F9E60B0513ADA448893DD6952EAD6
SSDEEP: 3072:hDDxhlswtTmiVBmqt7yANM/+0QGLF0BVHt:JNBtTmCBm07tMpQ4F0/t

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may have been influenced by user actions during the session and is provided as-is for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.

  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Creates files in the user directory
      • javaw.exe (PID: 1736)
  • INFO
    • Dropped object may contain Bitcoin addresses
      • javaw.exe (PID: 1736)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0808
ZipCompression: Deflated
ZipModifyDate: 2019:09:05 23:31:15
ZipCRC: 0xe40dfb26
ZipCompressedSize: 67
ZipUncompressedSize: 65
ZipFileName: META-INF/MANIFEST.MF
All screenshots are available in the full report
Total processes: 35
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start javaw.exe

Process information

PID: 1736
CMD: "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar "C:\Users\admin\AppData\Local\Temp\Mineshafter-launcher.jar"
Path: C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Parent process: explorer.exe
User: admin
Company: Oracle Corporation
Integrity Level: MEDIUM
Description: Java(TM) Platform SE binary
Exit code: 0
Version: 8.0.920.14

Modules (images):
  • c:\program files\java\jre1.8.0_92\bin\javaw.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
Total events: 25
Read events: 23
Write events: 2
Delete events: 0

Modification events

(PID) Process: (1736) javaw.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: javaw.exe

Executable files: 21
Suspicious files: 22
Text files: 53
Unknown types: 363

Dropped files

PID | Process | Filename | Type
1736 | javaw.exe | C:\Users\admin\AppData\Roaming\.minecraft\launcher.pack.lzma.new |
1736 | javaw.exe | C:\Users\admin\AppData\Local\Temp\imageio876637392396950113.tmp |
1736 | javaw.exe | C:\Users\admin\AppData\Local\Temp\imageio4841800007240949208.tmp |
1736 | javaw.exe | C:\Users\admin\AppData\Local\Temp\imageio3666733026011815292.tmp |
1736 | javaw.exe | C:\Users\admin\AppData\Local\Temp\imageio1399386609105581584.tmp |
1736 | javaw.exe | C:\Users\admin\AppData\Roaming\.minecraft\assets\indexes\1.16.json | text
1736 | javaw.exe | C:\Users\admin\AppData\Roaming\.minecraft\launcher_profiles.json | text
1736 | javaw.exe | C:\Users\admin\AppData\Roaming\.minecraft\launcher_mcpatched.jar | compressed
1736 | javaw.exe | C:\Users\admin\AppData\Roaming\.minecraft\launcher.pack.lzma | lzma
1736 | javaw.exe | C:\Users\admin\AppData\Roaming\.minecraft\versions\1.16.1\1.16.1.json | text
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 471
TCP/UDP connections: 44
DNS requests: 11
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1736 | javaw.exe | GET | 302 | 74.114.154.18:80 | http://mcupdate.tumblr.com/ | CA | | | suspicious
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/22/22ba9b66a26b2e11fd43999a7180684f80af085a | US | text | 332 Kb | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/34/34051ededea1343bfea6fadd6556e642b6e5cce9 | US | ogg | 24.9 Kb | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/ac/acffab0bafe2c82ffc8723880aab5ec1682d4329 | US | ogg | 8.37 Kb | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/ce/ceaaaa1d57dfdfbb0bd4da5ea39628b42897a687 | US | ogg | 1.67 Mb | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/e5/e5a53e56c16fbaf4a58eb393da625e8f48e8a798 | US | ogg | 11.3 Kb | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/c6/c649e60ea9a99c97501a50d2dc4e579343e91ea8 | US | ogg | 16.6 Kb | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/96/9673ae2933b66eada687763cb7f57fa768f30078 | US | ogg | 21.8 Kb | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/fa/fa68bbdcbb68db8dea8604f3ae5caadb9ded0cbe | US | ogg | 6.52 Kb | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/d4/d4dde3e26cdd184d660c805dbd5ce0bdb51d356b | US | text | 19.3 Kb | shared

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1736 | javaw.exe | 185.142.236.247:443 | mineshafter.info | Cogent Communications | NL | unknown
1736 | javaw.exe | 99.86.2.139:443 | launchermeta.mojang.com | AT&T Services, Inc. | US | unknown
1736 | javaw.exe | 74.114.154.18:80 | mcupdate.tumblr.com | Automattic, Inc | CA | malicious
1736 | javaw.exe | 192.0.77.3:443 | 64.media.tumblr.com | Automattic, Inc | US | suspicious
1736 | javaw.exe | 74.114.154.18:443 | mcupdate.tumblr.com | Automattic, Inc | CA | malicious
1736 | javaw.exe | 192.0.77.40:443 | assets.tumblr.com | Automattic, Inc | US | suspicious
1736 | javaw.exe | 152.199.21.147:443 | px.srvcs.tumblr.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | suspicious
1736 | javaw.exe | 99.86.4.83:443 | libraries.minecraft.net | AT&T Services, Inc. | US | suspicious
1736 | javaw.exe | 143.204.212.134:443 | launcher.mojang.com | | US | unknown
1736 | javaw.exe | 52.216.17.251:443 | s3.amazonaws.com | Amazon.com, Inc. | US | unknown

DNS requests

Domain | IP | Reputation
mineshafter.info | 185.142.236.247 | whitelisted
s3.amazonaws.com | 52.216.17.251 | shared
launchermeta.mojang.com | 99.86.2.139 | whitelisted
mcupdate.tumblr.com | 74.114.154.18, 74.114.154.22 | suspicious
assets.tumblr.com | 192.0.77.40 | whitelisted
64.media.tumblr.com | 192.0.77.3 | suspicious
px.srvcs.tumblr.com | 152.199.21.147 | whitelisted
static.tumblr.com | 152.199.21.147 | whitelisted
libraries.minecraft.net | 99.86.4.83 | shared
launcher.mojang.com | 143.204.212.134 | whitelisted

Threats

No threats detected
No debug info