ID: 353444
Sample Name: Sigma5.json
Cookbook: default.jbs
Time: 12:04:08
Date: 16/02/2021
Version: 31.0.0 Emerald
Copyright null 2021 Page 2 of 9 Analysis Report Sigma5.json
Overview
General Information
Sample Name: Sigma5.json
Analysis ID: 353444
MD5: cbeb6202ccd65d…
SHA1: f07126c6ee0ebb9…
SHA256: 64f1bfd0358a2f3…
Errors:
• Nothing to analyse, Joe Sandbox has not found any analysis process or sample
• Corrupt sample or wrongly selected analyzer. Details: No application is associated with the specified file for this operation.

Detection
Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%
[Detection scale: malicious, suspicious, clean]

Signatures
No high impact signatures.

Classification
[Classification chart labels: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware]
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
• Networking • System Summary
There are no malicious signatures.
Mitre Att&ck Matrix
No Mitre Att&ck techniques found
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source | Detection | Scanner | Label | Link
Sigma5.json | 0% | Virustotal | | Browse
Sigma5.json | 0% | Metadefender | | Browse
Sigma5.json | 0% | ReversingLabs | |
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
No Antivirus matches
URLs
No Antivirus matches
Domains and IPs
Contacted Domains
No contacted domains info
URLs from Memory and Binaries
Contacted IPs
No contacted IP infos
General Information
Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 353444
Start date: 16.02.2021
Start time: 12:04:08
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 1m 31s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Sigma5.json
Cookbook file name: default.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 1
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown0.winJSON@0/0@0/0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Unable to launch sample, stop analysis
Warnings:
• Exclude process from analysis (whitelisted): dllhost.exe
Errors:
• Nothing to analyse, Joe Sandbox has not found any analysis process or sample
• Corrupt sample or wrongly selected analyzer. Details: No application is associated with the specified file for this operation.
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
No context
Created / dropped Files
No created / dropped files found
Static File Info
General
File type: ASCII text
Entropy (8bit): 4.01957975566362
TrID:
File name: Sigma5.json
File size: 66581
MD5: cbeb6202ccd65d040de0673f19b89739
SHA1: f07126c6ee0ebb995473991d7f1fb3564b675d41
SHA256: 64f1bfd0358a2f3d659a510d847a358067bb36a5a169d21baa1a034fe6bb596f
SHA512: ce876caddc3eb2141ed8551000cbca34feba06567918036eb816da8abfc2b4c3b13e955d493c63d036d6c41139fe62d6eddb8f301fc05bd836019144ff9e34d4
SSDEEP: 384:3mObTCSn6011zSdqlIL0mNF3oKTTweDSYDc5pq6FTFLaD5+y1tp:3p6x6FTFLaD5+y13
File Content Preview: {. "arguments": {. "game": [. "--username" ,. "${auth_player_name}",. "--version",. "${version_name}",. "--gameDir",. "${game_directory}",. "--assetsDir",. "$
File Icon
Icon Hash: 3474f4c4c4c4c0c4
Network Behavior
No network behavior found
Code Manipulations
Statistics
System Behavior
Disassembly