Resubmissions (submitted, task ID, score; the 23:39 task is this report)
- 27/12/2022, 23:39 UTC  221227-3nclsabh7y  1
- 27/12/2022, 23:35 UTC  221227-3k3c2agg92  6
- 27/12/2022, 23:31 UTC  221227-3hqw8abh6x  4
Analysis
- max time kernel: 49s
- max time network: 51s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 27/12/2022, 23:39 UTC
Static task: static1
Behavioral task: behavioral1
- Sample: LauncherFenix-Minecraft.jar
- Resource: win7-20220812-en
- 1 signature, 150 seconds
Behavioral task: behavioral2
- Sample: LauncherFenix-Minecraft.jar
- Resource: win10v2004-20220812-en
- 3 signatures, 150 seconds
General
- Target: LauncherFenix-Minecraft.jar
- Size: 56KB
- MD5: 7a61030e60da59eb48d5430a175c38d3
- SHA1: e21779e2d453397c6a2bbc6090ac49de8f0fe1ea
- SHA256: 2e33e36c9517efe86251a2f4294d822b55f344d189c9606189757f4ad17af38e
- SHA512: 27b143872d411088186fdf8178d3c05710795ceffbe75f227469025d309f845c4db3ad91aad0fce1b01671ef271b9bf0445d083d3c5008af2b8daf688e81320a
- SSDEEP: 1536:Fqv6lGMWvA34iBJZd8HJa3SUwxq7R83taXb:EvXMUA3bJZdwJjU3F1Xb
Score
1/10
Malware Config: (none extracted)
Signatures
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 828 java.exe; pid 828 java.exe
  A JVM hosting a GUI toolkit (AWT/JavaFX) installs window hooks for its own input and message handling, so SetWindowsHookEx from java.exe is weak evidence on its own. It is the only signature that fired on this platform, which is why the task scores 1/10.
Processes
Network
DNS (resolver 8.8.8.8:53)
- www.dropbox.com IN A
  www.dropbox.com IN CNAME www-env.dropbox-dns.com
  www-env.dropbox-dns.com IN A 162.125.8.18
- files.launcherfenix.com.ar IN A
  files.launcherfenix.com.ar IN A 104.21.72.175
  files.launcherfenix.com.ar IN A 172.67.153.84
- launchermeta.mojang.com IN A
  launchermeta.mojang.com IN CNAME launcher-meta-cdn.azureedge.net
  launcher-meta-cdn.azureedge.net IN CNAME launcher-meta-cdn.afd.azureedge.net
  launcher-meta-cdn.afd.azureedge.net IN CNAME star-azureedge-prod.trafficmanager.net
  star-azureedge-prod.trafficmanager.net IN CNAME shed.dual-low.part-0039.t-0009.fdv2-t-msedge.net
  shed.dual-low.part-0039.t-0009.fdv2-t-msedge.net IN CNAME part-0039.t-0009.fdv2-t-msedge.net
  part-0039.t-0009.fdv2-t-msedge.net IN A 13.107.237.67
  part-0039.t-0009.fdv2-t-msedge.net IN A 13.107.238.67
- profile.launcherfenix.com.ar IN A
  profile.launcherfenix.com.ar IN A 172.67.153.84
  profile.launcherfenix.com.ar IN A 104.21.72.175
- iniciolauncherfx.tumblr.com IN A
  iniciolauncherfx.tumblr.com IN A 74.114.154.22
  iniciolauncherfx.tumblr.com IN A 74.114.154.18
HTTP (74.114.154.22:80)
This is the launcher's embedded JavaFX WebView (User-Agent JavaFX/2.2; "Windows NT 6.1" is the Win7 VM) loading its start page over cleartext HTTP on port 80. Tumblr answers with a 302 to the HTTPS URL plus an HSTS header; the capture shows only this redirect and, afterwards, lookups for assets.tumblr.com, px.srvcs.tumblr.com and static.tumblr.com, not the HTTPS fetch itself. The initial plaintext request is the point an on-path attacker could intercept.
Request:
GET / HTTP/1.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/535.14 (KHTML, like Gecko) JavaFX/2.2 Safari/535.14
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cache-Control: no-cache
Pragma: no-cache
Host: iniciolauncherfx.tumblr.com
Connection: keep-alive
Response:
HTTP/1.1 302 Found
Date: Tue, 27 Dec 2022 23:39:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Rid: 95849d0e125657d5e45e951162747765
P3p: CP="Tumblr's privacy policy is available here: https://www.tumblr.com/policy/en/privacy"
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001
Location: https://iniciolauncherfx.tumblr.com/
X-UA-Compatible: IE=Edge,chrome=1
X-UA-Device: desktop
Vary: X-UA-Device, Accept
DNS (resolver 8.8.8.8:53), after the redirect
- assets.tumblr.com IN A
  assets.tumblr.com IN A 192.0.77.40
- px.srvcs.tumblr.com IN A
  px.srvcs.tumblr.com IN A 192.0.77.40
- static.tumblr.com IN A
  static.tumblr.com IN A 192.0.77.40
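When a tria.ge Network tab is copied out, each lookup arrives as one run-on string ("Remote address:…Request…IN AResponse…") with the answer records concatenated and no separator between them, which is awkward to turn into an IoC list by hand. The parser below is an added example, not code from tria.ge or from the LauncherFenix project; function and variable names are my own, and the three input strings are copies of this report's own lookups for www.dropbox.com, files.launcherfenix.com.ar and launchermeta.mojang.com, embedded so the script runs offline. It recovers each record, follows the CNAME chain to the final A records, and collapses everything into domain and IP lists.

```python
"""Turn tria.ge-style flattened DNS entries into records and IoCs.

Added example (not part of the tria.ge report). Names are my own; the input
strings are copied from this report's Network section.
"""
import re
from collections import defaultdict

# Constructed input: three of the report's lookups, in the flattened layout.
DNS_ENTRIES = [
    "Remote address:8.8.8.8:53Requestwww.dropbox.comIN AResponsewww.dropbox.comIN CNAMEwww-env.dropbox-dns.comwww-env.dropbox-dns.comIN A162.125.8.18",
    "Remote address:8.8.8.8:53Requestfiles.launcherfenix.com.arIN AResponsefiles.launcherfenix.com.arIN A104.21.72.175files.launcherfenix.com.arIN A172.67.153.84",
    "Remote address:8.8.8.8:53Requestlaunchermeta.mojang.comIN AResponselaunchermeta.mojang.comIN CNAMElauncher-meta-cdn.azureedge.netlauncher-meta-cdn.azureedge.netIN CNAMElauncher-meta-cdn.afd.azureedge.netlauncher-meta-cdn.afd.azureedge.netIN CNAMEstar-azureedge-prod.trafficmanager.netstar-azureedge-prod.trafficmanager.netIN CNAMEshed.dual-low.part-0039.t-0009.fdv2-t-msedge.netshed.dual-low.part-0039.t-0009.fdv2-t-msedge.netIN CNAMEpart-0039.t-0009.fdv2-t-msedge.netpart-0039.t-0009.fdv2-t-msedge.netIN A13.107.237.67part-0039.t-0009.fdv2-t-msedge.netIN A13.107.238.67",
]

# Outer shape: resolver, queried name and type, then the answer body.
ENTRY_RE = re.compile(
    r"^Remote address:(?P<server>[\d.]+:\d+)"
    r"Request(?P<qname>[A-Za-z0-9.-]+)IN (?P<qtype>[A-Z]+?)"
    r"Response(?P<body>.*)$"
)
# One answer record: owner name, then "IN A<ip>" or "IN CNAME<target>".
# Nothing separates records, so a CNAME target is recognised by the fact that
# the resolver lists the target's own record next, i.e. the name appears twice
# back to back ("...IN CNAMEfoo.netfoo.netIN A..."). An A-record address ends
# where its four dotted octets end; an IP immediately followed by a hostname
# that starts with a digit would be ambiguous in this layout (known limit).
RECORD_RE = re.compile(
    r"(?P<owner>[A-Za-z0-9.-]+?)IN "
    r"(?:A(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"|CNAME(?P<target>[A-Za-z0-9.-]+?)(?=(?P=target)IN |$))"
)


def parse_dns_entry(line):
    """Return (qname, records); records is a list of (owner, type, value)."""
    m = ENTRY_RE.match(line)
    if not m:
        raise ValueError("not a DNS entry: %r" % line[:40])
    records = []
    for r in RECORD_RE.finditer(m.group("body")):
        if r.group("ip"):
            records.append((r.group("owner"), "A", r.group("ip")))
        else:
            records.append((r.group("owner"), "CNAME", r.group("target")))
    return m.group("qname"), records


def resolve_chain(qname, records):
    """Follow CNAMEs from qname; return (list of CNAME hops, final A records)."""
    by_owner = defaultdict(list)
    for owner, rtype, value in records:
        by_owner[owner].append((rtype, value))
    chain, name, seen = [], qname, set()
    while name not in seen:           # 'seen' guards against a CNAME loop
        seen.add(name)
        cnames = [v for t, v in by_owner[name] if t == "CNAME"]
        if not cnames:
            break
        chain.append(cnames[0])
        name = cnames[0]
    ips = [v for t, v in by_owner[name] if t == "A"]
    return chain, ips


def iocs(entries):
    """Collapse all entries into sorted domain and IP lists for hunting."""
    domains, ips = set(), set()
    for line in entries:
        qname, records = parse_dns_entry(line)
        domains.add(qname)
        for owner, rtype, value in records:
            domains.add(owner)
            (domains if rtype == "CNAME" else ips).add(value)
    return sorted(domains), sorted(ips)


if __name__ == "__main__":
    for line in DNS_ENTRIES:
        qname, records = parse_dns_entry(line)
        chain, addrs = resolve_chain(qname, records)
        print(qname, "->", " -> ".join(chain) or "(no CNAME)", "->", addrs)
    print(iocs(DNS_ENTRIES))
```

Two things the output makes obvious that the raw listing hides: the launchermeta.mojang.com answer is five CNAME hops through Azure Front Door before the two 13.107.x.x addresses, and files.launcherfenix.com.ar and profile.launcherfenix.com.ar resolve to the same address pair (104.21.72.175 / 172.67.153.84), so an IP-based block would also hit whatever else sits behind that front; the hostnames are the useful indicators here. Given the 1/10 score, treat this list as a baseline of what the launcher contacts (its own file and profile hosts, Mojang's version metadata, Dropbox, a Tumblr start page) rather than as blocklist material.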
Flows (bytes out, bytes in, packets out, packets in; request/response detail follows the row where the sandbox recorded one)
-   408 B    219 B    5    5
-   408 B    219 B    5    5
-   408 B    219 B    5    5
-   4.6kB  171.9kB   82  148
-   354 B    132 B    3    3
-   697 B    1.3kB    6    5
    HTTP Request: GET http://iniciolauncherfx.tumblr.com/
    HTTP Response: 302
-   190 B     92 B    4    2
-   1.6kB   16.1kB   17   19
-   1.5kB    6.8kB   13   12
-   1.4kB    6.5kB   12   10
-   1.7kB    7.0kB   13   14
-   2.2kB    7.0kB   13   14
-   1.5kB    5.8kB   12   10
-    61 B    111 B    1    1
    DNS Request: www.dropbox.com
    DNS Response: 162.125.8.18
-    72 B    104 B    1    1
    DNS Request: files.launcherfenix.com.ar
    DNS Response: 104.21.72.175, 172.67.153.84
-    69 B    304 B    1    1
    DNS Request: launchermeta.mojang.com
    DNS Response: 13.107.237.67, 13.107.238.67
-    74 B    106 B    1    1
    DNS Request: profile.launcherfenix.com.ar
    DNS Response: 172.67.153.84, 104.21.72.175
-    73 B    105 B    1    1
    DNS Request: iniciolauncherfx.tumblr.com
    DNS Response: 74.114.154.22, 74.114.154.18
-    63 B     79 B    1    1
    DNS Request: assets.tumblr.com
    DNS Response: 192.0.77.40
-    65 B     81 B    1    1
    DNS Request: px.srvcs.tumblr.com
    DNS Response: 192.0.77.40
-    63 B     79 B    1    1
    DNS Request: static.tumblr.com
    DNS Response: 192.0.77.40