File name: Mineshafter-launcher.jar
Full analysis: https://app.any.run/tasks/52095576-e84f-4c6c-8750-153e08c060b8
Verdict: Malicious activity
Analysis date: July 25, 2020, 15:59:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/java-archive
File info: Java archive data (JAR)
MD5: F6CD55DE2534393363E1A40E04D71156
SHA1: 7A8D89DD5548D6BDF8DE77E198AD518300C560CF
SHA256: C03140A4216BD64EE1BF7D5E7416973F1E3F9E60B0513ADA448893DD6952EAD6
SSDEEP: 3072:hDDxhlswtTmiVBmqt7yANM/+0QGLF0BVHt:JNBtTmCBm07tMpQ4F0/t

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Creates files in the user directory

      • javaw.exe (PID: 1736)
  • INFO

    • Dropped object may contain Bitcoin addresses

      • javaw.exe (PID: 1736)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0808
ZipCompression: Deflated
ZipModifyDate: 2019:09:05 23:31:15
ZipCRC: 0xe40dfb26
ZipCompressedSize: 67
ZipUncompressedSize: 65
ZipFileName: META-INF/MANIFEST.MF
No data.
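The EXIF block above is ExifTool's reading of the first local file header in the archive, the META-INF/MANIFEST.MF entry: "ZipRequiredVersion: 20" means version 2.0 of the format is needed (deflate), and "ZipBitFlag: 0x0808" has bit 3 (CRC and sizes also written in a data descriptor after the data) and bit 11 (UTF-8 file names) set. The Python below is an added example for this page, not ANY.RUN tooling and not code from the analysed file: it parses that header itself, checks the entry's CRC-32, and reads the manifest's Main-Class (what `javaw -jar` will actually start) together with any signature files in META-INF, which is the first check to make on a JAR before trusting a sandbox run of it. The sample header and sample JAR it builds are constructed in-line, and the class name example.Launcher is hypothetical.

```python
import io
import struct
import zipfile
import zlib

# ZIP local file header (PKWARE APPNOTE section 4.3.7), little-endian:
# signature, version needed, bit flag, method, DOS time, DOS date, CRC-32,
# compressed size, uncompressed size, file name length, extra field length.
LOCAL_HEADER = struct.Struct("<IHHHHHIIIHH")
LOCAL_SIG = 0x04034B50
BIT_FLAGS = {0: "encrypted", 3: "sizes/CRC in data descriptor", 11: "UTF-8 names"}
METHODS = {0: "None", 8: "Deflated"}


def decode_bit_flags(flags):
    """Name the general-purpose bits set in a ZIP flag word (0x0808 -> bits 3 and 11)."""
    return [name for bit, name in BIT_FLAGS.items() if flags & (1 << bit)]


def dos_datetime(date, time):
    """MS-DOS packed date/time -> 'YYYY:MM:DD HH:MM:SS' as ExifTool prints it.
    DOS time has two-second resolution, so odd seconds are not representable."""
    year, month, day = 1980 + (date >> 9), (date >> 5) & 0xF, date & 0x1F
    hour, minute, second = time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2
    return f"{year:04d}:{month:02d}:{day:02d} {hour:02d}:{minute:02d}:{second:02d}"


def parse_local_header(data, offset=0):
    """Parse the local file header at `offset` and check the entry's CRC-32.

    Returns the fields ExifTool reports for a JAR's first entry plus `crc_ok`.
    With bit 3 set the local CRC/sizes may be zero and the real values follow
    the data; the central directory is authoritative, so audit a whole archive
    with `zipfile` rather than from this header alone.
    """
    (sig, version, flags, method, mtime, mdate, crc, csize, usize,
     name_len, extra_len) = LOCAL_HEADER.unpack_from(data, offset)
    if sig != LOCAL_SIG:
        raise ValueError(f"no local file header at offset {offset}")
    name_start = offset + LOCAL_HEADER.size
    encoding = "utf-8" if flags & (1 << 11) else "cp437"
    name = data[name_start:name_start + name_len].decode(encoding)
    body_start = name_start + name_len + extra_len
    body = data[body_start:body_start + csize]
    if method == 8:
        raw = zlib.decompress(body, wbits=-15)   # raw deflate, no zlib wrapper
    elif method == 0:
        raw = body
    else:
        raw = None                               # unsupported method: cannot verify
    return {
        "ZipRequiredVersion": version,
        "ZipBitFlag": f"0x{flags:04x}",
        "ZipBitFlagNames": decode_bit_flags(flags),
        "ZipCompression": METHODS.get(method, str(method)),
        "ZipModifyDate": dos_datetime(mdate, mtime),
        "ZipCRC": f"0x{crc:08x}",
        "ZipCompressedSize": csize,
        "ZipUncompressedSize": usize,
        "ZipFileName": name,
        "crc_ok": raw is not None and len(raw) == usize and zlib.crc32(raw) == crc,
    }


def jar_entry_point(jar_bytes):
    """(Main-Class, [signature files]) from META-INF: what `javaw -jar` runs,
    and whether anyone signed it (no .SF/.RSA/.DSA/.EC means an unsigned JAR)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
        main_class = None
        for line in manifest.splitlines():
            if line.startswith("Main-Class:"):
                main_class = line.split(":", 1)[1].strip()
        sigs = [n for n in zf.namelist() if n.startswith("META-INF/")
                and n.upper().endswith((".SF", ".RSA", ".DSA", ".EC"))]
    return main_class, sigs


def build_sample_jar(main_class="example.Launcher"):
    """Constructed sample JAR (not the analysed file): unsigned, manifest first."""
    manifest = f"Manifest-Version: 1.0\r\nMain-Class: {main_class}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr("example/Launcher.class", b"\xca\xfe\xba\xbe")  # placeholder bytes
    return buf.getvalue()


def build_sample_header_0x0808():
    """Constructed local header + deflated body with flag word 0x0808 and the
    version, method and date of the report's EXIF block, to exercise the parser."""
    manifest = b"Manifest-Version: 1.0\r\n"
    body = zlib.compress(manifest)[2:-4]            # strip zlib header and Adler-32
    name = b"META-INF/MANIFEST.MF"
    dos_time = (23 << 11) | (31 << 5) | (14 // 2)   # 23:31:14
    dos_date = ((2019 - 1980) << 9) | (9 << 5) | 5  # 2019-09-05
    header = LOCAL_HEADER.pack(LOCAL_SIG, 20, 0x0808, 8, dos_time, dos_date,
                               zlib.crc32(manifest), len(body), len(manifest), len(name), 0)
    return header + name + body
```

Run `parse_local_header(open("Mineshafter-launcher.jar", "rb").read())` against the real file to reproduce the EXIF values, and `jar_entry_point(...)` to see which class javaw.exe will hand control to; an empty signature list means the JAR's origin cannot be tied to any publisher.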
All screenshots are available in the full report
Total processes: 35
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start javaw.exe

Process information

PID: 1736
CMD: "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar "C:\Users\admin\AppData\Local\Temp\Mineshafter-launcher.jar"
Path: C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Parent process: explorer.exe
User: admin
Company: Oracle Corporation
Integrity Level: MEDIUM
Description: Java(TM) Platform SE binary
Exit code: 0
Version: 8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
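The process information shows the whole chain: explorer.exe starts javaw.exe with -jar pointing at a JAR in the user's Temp directory, at MEDIUM integrity, and every write lands under the user's profile. The following added example (written for this page, not ANY.RUN code and not from the Mineshafter project) turns that pattern into a check over process-creation events: a Java launcher running a JAR from a user-writable location, started interactively. The events are constructed; the first reproduces the command line from the table above, the other two are invented for contrast.

```python
import re
from dataclasses import dataclass

JAVA_LAUNCHERS = {"java.exe", "javaw.exe"}
INTERACTIVE_PARENTS = {"explorer.exe"}
# Per-user locations any unprivileged account can write to. A JAR executed from
# one of these was dropped or downloaded rather than installed under Program Files.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(appdata\\local\\temp|appdata\\roaming|downloads|desktop)\\",
    re.IGNORECASE)
# `-jar "quoted path"` or `-jar bare\path`
JAR_ARG = re.compile(r'-jar\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


@dataclass
class ProcessEvent:
    """A process-creation record (Sysmon Event ID 1 or an EDR equivalent),
    reduced to the fields the check needs."""
    pid: int
    image: str
    command_line: str
    parent_image: str
    user: str


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def jar_from_command_line(cmd):
    """Return the JAR path passed with -jar, or None if the command has none."""
    m = JAR_ARG.search(cmd)
    return (m.group(1) or m.group(2)) if m else None


def assess(event):
    """Reasons a Java launch deserves analyst attention; [] when nothing is noted."""
    reasons = []
    if basename(event.image) not in JAVA_LAUNCHERS:
        return reasons
    jar = jar_from_command_line(event.command_line)
    if jar is None:
        return reasons
    if USER_WRITABLE.search(jar):
        reasons.append(f"JAR executed from a user-writable path: {jar}")
    if basename(event.parent_image) in INTERACTIVE_PARENTS:
        reasons.append("started from explorer.exe, i.e. a user double-clicked it")
    if basename(event.image) == "javaw.exe":
        reasons.append("javaw.exe opens no console window, so the run is invisible to the user")
    return reasons


def triage(events):
    """pid -> reasons, for every event that raised at least one."""
    return {e.pid: assess(e) for e in events if assess(e)}


# Constructed sample events. The first reproduces the command line from the
# process table above; the other two are invented contrasts.
SAMPLE_EVENTS = [
    ProcessEvent(1736, r"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe",
                 r'"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar '
                 r'"C:\Users\admin\AppData\Local\Temp\Mineshafter-launcher.jar"',
                 r"C:\Windows\explorer.exe", "admin"),
    ProcessEvent(4120, r"C:\Program Files\Java\jre1.8.0_92\bin\java.exe",
                 r'"C:\Program Files\Java\jre1.8.0_92\bin\java.exe" -jar "C:\Program Files\Tool\tool.jar"',
                 r"C:\Windows\System32\services.exe", "SYSTEM"),
    ProcessEvent(5208, r"C:\Program Files\Java\jre1.8.0_92\bin\java.exe",
                 r"java -jar C:\Users\admin\Downloads\update.jar",
                 r"C:\Windows\System32\cmd.exe", "admin"),
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS).items():
        print(pid, *reasons, sep="\n  ")
```

The check is deliberately a triage aid rather than a verdict: a legitimately downloaded launcher trips the same three reasons as a malicious one, which is exactly why the JAR's manifest and hashes, not the launch pattern alone, decide the case.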
Total events: 25
Read events: 23
Write events: 2
Delete events: 0

Modification events

(PID) Process: (1736) javaw.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: javaw.exe
Executable files: 21
Suspicious files: 22
Text files: 53
Unknown types: 363

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
1736 | javaw.exe | C:\Users\admin\AppData\Roaming\.minecraft\launcher.pack.lzma.new | - | - | -
1736 | javaw.exe | C:\Users\admin\AppData\Local\Temp\imageio876637392396950113.tmp | - | - | -
1736 | javaw.exe | C:\Users\admin\AppData\Local\Temp\imageio4841800007240949208.tmp | - | - | -
1736 | javaw.exe | C:\Users\admin\AppData\Local\Temp\imageio3666733026011815292.tmp | - | - | -
1736 | javaw.exe | C:\Users\admin\AppData\Local\Temp\imageio1399386609105581584.tmp | - | - | -
1736 | javaw.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | ACD8E45577CA20928247AACB2B978511 | 06C6EF45CE65CB40B9B1FB19460E1355BDE84A899C2A56C1A7A740947CEE6848
1736 | javaw.exe | C:\Users\admin\AppData\Roaming\.minecraft\launcher.jar | java | 83D14C2ABBF3097132C8CF0015A614A2 | D020678C4C1B6E95D707B9D4ACF075139AB20C8223D8F612CAB62A2E331BDA03
1736 | javaw.exe | C:\Users\admin\AppData\Roaming\.minecraft\launcher_mcpatched.jar | compressed | CA7DEB1FB5A2E0EDABBC015469A52041 | E821E2755707EB3A8532F2DA6D79133097E339158B7F22C20590CB5DCF48954D
1736 | javaw.exe | C:\Users\admin\AppData\Roaming\.minecraft\launcher_profiles.json | text | 5E222AE7CF9F0BE1246812CE5EA4FFFE | D91C2D562363D64CA5F4F90AA65CA200534B5C92F8935D4695F28D812122F228
1736 | javaw.exe | C:\Users\admin\AppData\Roaming\.minecraft\launcher.pack.lzma | lzma | D3F1E104ED5046CA5AA866D144484E79 | CC22979FD70102C7975C2BD7DECE3A5F6B5AE3EC4FE1D39A80816C9D579542CF
(- = field left empty in the report)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 471
TCP/UDP connections: 44
DNS requests: 11
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/2e/2e5cbdda4af66e8a435c22f822c6b755c2bcc183 | US | ogg | 28.2 KB | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/c6/c649e60ea9a99c97501a50d2dc4e579343e91ea8 | US | ogg | 16.6 KB | shared
1736 | javaw.exe | GET | 302 | 74.114.154.18:80 | http://mcupdate.tumblr.com/ | CA | - | - | suspicious
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/ac/acffab0bafe2c82ffc8723880aab5ec1682d4329 | US | ogg | 8.37 KB | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/fa/fa68bbdcbb68db8dea8604f3ae5caadb9ded0cbe | US | ogg | 6.52 KB | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/34/34051ededea1343bfea6fadd6556e642b6e5cce9 | US | ogg | 24.9 KB | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/4f/4fd5e63658d0c3f6495b8a56ed266f9923b404e2 | US | ogg | 12.2 KB | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/c2/c27a5dfd1f85834d0238273dfc7227b85776afc8 | US | ogg | 23.8 KB | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/da/daa06994b2e42f2264fe061e82eb6c1d5ed8b696 | US | ogg | 34.2 KB | shared
1736 | javaw.exe | GET | 200 | 143.204.201.56:80 | http://resources.download.minecraft.net/96/9673ae2933b66eada687763cb7f57fa768f30078 | US | ogg | 21.8 KB | shared
(- = field left empty in the report)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1736 | javaw.exe | 192.0.77.40:443 | assets.tumblr.com | Automattic, Inc | US | suspicious
1736 | javaw.exe | 185.142.236.247:443 | mineshafter.info | Cogent Communications | NL | unknown
1736 | javaw.exe | 99.86.2.139:443 | launchermeta.mojang.com | AT&T Services, Inc. | US | unknown
1736 | javaw.exe | 74.114.154.18:80 | mcupdate.tumblr.com | Automattic, Inc | CA | malicious
1736 | javaw.exe | 143.204.212.134:443 | launcher.mojang.com | - | US | unknown
1736 | javaw.exe | 143.204.201.56:80 | resources.download.minecraft.net | - | US | malicious
1736 | javaw.exe | 192.0.77.3:443 | 64.media.tumblr.com | Automattic, Inc | US | suspicious
1736 | javaw.exe | 152.199.21.147:443 | px.srvcs.tumblr.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | suspicious
1736 | javaw.exe | 99.86.4.83:443 | libraries.minecraft.net | AT&T Services, Inc. | US | suspicious
1736 | javaw.exe | 74.114.154.18:443 | mcupdate.tumblr.com | Automattic, Inc | CA | malicious
(- = field left empty in the report)

DNS requests

Domain | IP | Reputation
mineshafter.info | 185.142.236.247 | whitelisted
s3.amazonaws.com | 52.216.17.251 | shared
launchermeta.mojang.com | 99.86.2.139 | whitelisted
mcupdate.tumblr.com | 74.114.154.18, 74.114.154.22 | suspicious
assets.tumblr.com | 192.0.77.40 | whitelisted
64.media.tumblr.com | 192.0.77.3 | suspicious
px.srvcs.tumblr.com | 152.199.21.147 | whitelisted
static.tumblr.com | 152.199.21.147 | whitelisted
libraries.minecraft.net | 99.86.4.83 | shared
launcher.mojang.com | 143.204.212.134 | whitelisted

Threats

No threats detected
No debug info