Overview

overview

4

Static

static

LauncherFe...ft.jar

windows7-x64

3

LauncherFe...ft.jar

windows10-2004-x64

4

Resubmissions

27-12-2022 23:39

221227-3nclsabh7y 1

27-12-2022 23:35

221227-3k3c2agg92 6

27-12-2022 23:31

221227-3hqw8abh6x 4

Analysis

  • max time kernel
    73s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-12-2022 23:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LauncherFenix-Minecraft.jar

  • Size

    56KB

  • MD5

    7a61030e60da59eb48d5430a175c38d3

  • SHA1

    e21779e2d453397c6a2bbc6090ac49de8f0fe1ea

  • SHA256

    2e33e36c9517efe86251a2f4294d822b55f344d189c9606189757f4ad17af38e

  • SHA512

    27b143872d411088186fdf8178d3c05710795ceffbe75f227469025d309f845c4db3ad91aad0fce1b01671ef271b9bf0445d083d3c5008af2b8daf688e81320a

  • SSDEEP

    1536:Fqv6lGMWvA34iBJZd8HJa3SUwxq7R83taXb:EvXMUA3bJZdwJjU3F1Xb

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 12 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft.jar
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    PID:2216
  • C:\Windows\System32\GameBarPresenceWriter.exe
    "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
    1⤵
      PID:4724
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4508
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
      1⤵
      • Checks processor information in registry
      • Modifies registry class
      PID:2484

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2216-136-0x0000000002EF0000-0x0000000003EF0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2216-143-0x0000000002EF0000-0x0000000003EF0000-memory.dmp

      Filesize

      16.0MB

      Download