ID: 353444
Sample Name: Sigma5.json
Cookbook: default.jbs
Time: 12:04:08
Date: 16/02/2021
Version: 31.0.0 Emerald


Copyright null 2021 Page 2 of 9

Analysis Report Sigma5.json

Overview

General Information

Sample Name: Sigma5.json
Analysis ID: 353444
MD5: cbeb6202ccd65d…
SHA1: f07126c6ee0ebb9…
SHA256: 64f1bfd0358a2f3…
Errors:
• Nothing to analyse, Joe Sandbox has not found any analysis process or sample
• Corrupt sample or wrongly selected analyzer. Details: No application is associated with the specified file for this operation.

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%
[Score gauge; scale labels: malicious, suspicious, clean]

Signatures

No high impact signatures.

Classification

[Classification chart; axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware]

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Networking
• System Summary

There are no malicious signatures.

Mitre Att&ck Matrix

No Mitre Att&ck techniques found

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source       Detection  Scanner        Label  Link
Sigma5.json  0%         Virustotal            Browse
Sigma5.json  0%         Metadefender          Browse
Sigma5.json  0%         ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries


Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 353444
Start date: 16.02.2021
Start time: 12:04:08
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 1m 31s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Sigma5.json
Cookbook file name: default.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 1
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown0.winJSON@0/0@0/0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Unable to launch sample, stop analysis
Warnings:
• Exclude process from analysis (whitelisted): dllhost.exe
Errors:
• Nothing to analyse, Joe Sandbox has not found any analysis process or sample
• Corrupt sample or wrongly selected analyzer. Details: No application is associated with the specified file for this operation.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type: ASCII text
Entropy (8bit): 4.01957975566362
TrID:
File name: Sigma5.json
File size: 66581
MD5: cbeb6202ccd65d040de0673f19b89739
SHA1: f07126c6ee0ebb995473991d7f1fb3564b675d41
SHA256: 64f1bfd0358a2f3d659a510d847a358067bb36a5a169d21baa1a034fe6bb596f
SHA512: ce876caddc3eb2141ed8551000cbca34feba06567918036eb816da8abfc2b4c3b13e955d493c63d036d6c41139fe62d6eddb8f301fc05bd836019144ff9e34d4
SSDEEP: 384:3mObTCSn6011zSdqlIL0mNF3oKTTweDSYDc5pq6FTFLaD5+y1tp:3p6x6FTFLaD5+y13
File Content Preview: {. "arguments": {. "game": [. "--username",. "${auth_player_name}",. "--version",. "${version_name}",. "--gameDir",. "${game_directory}",. "--assetsDir",. "$

File Icon

Icon Hash: 3474f4c4c4c4c0c4

Network Behavior

No network behavior found

Code Manipulations

Statistics

System Behavior

Disassembly
