Resubmissions
Submitted            Task ID              Score
27/12/2022, 23:39    221227-3nclsabh7y    1
27/12/2022, 23:35    221227-3k3c2agg92    6
27/12/2022, 23:31    221227-3hqw8abh6x    4

Analysis
Max time kernel: 18s
Max time network: 67s
Platform: windows10-2004_x64
Resource: win10v2004-20220812-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 27/12/2022, 23:39
Static task: static1
Behavioral task: behavioral1
  Sample: LauncherFenix-Minecraft.jar
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: LauncherFenix-Minecraft.jar
  Resource: win10v2004-20220812-en
General
Target: LauncherFenix-Minecraft.jar
Size: 56KB
MD5: 7a61030e60da59eb48d5430a175c38d3
SHA1: e21779e2d453397c6a2bbc6090ac49de8f0fe1ea
SHA256: 2e33e36c9517efe86251a2f4294d822b55f344d189c9606189757f4ad17af38e
SHA512: 27b143872d411088186fdf8178d3c05710795ceffbe75f227469025d309f845c4db3ad91aad0fce1b01671ef271b9bf0445d083d3c5008af2b8daf688e81320a
SSDEEP: 1536:Fqv6lGMWvA34iBJZd8HJa3SUwxq7R83taXb:EvXMUA3bJZdwJjU3F1Xb
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. Note the Process column: in this run both registry accesses were made by svchost.exe (PID 4980, the GraphicsPerfSvc service host), not by the java.exe process that runs the submitted JAR.
  Description        IoC                                                                       Process
  Key opened         \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0          svchost.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz     svchost.exe

Modifies data under HKEY_USERS (2 IoCs)
Both writes were also made by svchost.exe (PID 4980), not by the sample's process.
  Description      IoC                                                                                      Process
  Key created      \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D                                      svchost.exe
  Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1"       svchost.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
This is the only signature raised by the sample's own process (java.exe, PID 4400); the third hit comes from OpenWith.exe.
  PID   Process
  4900  OpenWith.exe
  4400  java.exe
  4400  java.exe
Processes
All four processes are top-level entries (depth 1) in the process tree; no parent/child relationships are recorded.

PID 4400  C:\ProgramData\Oracle\Java\javapath\java.exe
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft.jar
  Signatures: Suspicious use of SetWindowsHookEx

PID 3708  C:\Windows\System32\GameBarPresenceWriter.exe
  Command line: "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
  Signatures: none

PID 4900  C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Suspicious use of SetWindowsHookEx

PID 4980  C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
  Signatures: Checks processor information in registry; Modifies data under HKEY_USERS
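The report lists every signature hit with the PID that raised it, and in this run most hits come from ambient Windows processes rather than from the process running the JAR. The script below is an added example (not tria.ge code) that separates the two: it takes the process list and signature hits transcribed from this report, finds the sample's process tree (any process whose command line names the submitted file, plus descendants), and buckets each hit as "sample" or "ambient". The dataclass layout and the `parent_pid` field are this example's own assumptions, not Triage's JSON schema; the report above records no parent/child links, so all four processes are entered as top-level.

```python
"""Attribute sandbox signature hits to the submitted sample's process tree.

Added example, not tria.ge code. The process list and signature hits are
transcribed from the report on this page; the dataclass/dict layout is an
assumption of this example, not Triage's JSON schema.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    cmdline: str
    parent_pid: Optional[int] = None  # None: top-level in the process tree


SAMPLE_NAME = "LauncherFenix-Minecraft.jar"

# All four processes are top-level (depth 1) in the report's tree.
PROCESSES = [
    Process(4400, r"C:\ProgramData\Oracle\Java\javapath\java.exe",
            r"java -jar C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft.jar"),
    Process(3708, r"C:\Windows\System32\GameBarPresenceWriter.exe",
            r'"C:\Windows\System32\GameBarPresenceWriter.exe" '
            r"-ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer"),
    Process(4900, r"C:\Windows\system32\OpenWith.exe",
            r"C:\Windows\system32\OpenWith.exe -Embedding"),
    Process(4980, r"C:\Windows\System32\svchost.exe",
            r"C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc"),
]

# (signature name, pid that raised it): one entry per IoC row in the report.
SIGNATURE_HITS = [
    ("Checks processor information in registry", 4980),
    ("Checks processor information in registry", 4980),
    ("Modifies data under HKEY_USERS", 4980),
    ("Modifies data under HKEY_USERS", 4980),
    ("Suspicious use of SetWindowsHookEx", 4900),
    ("Suspicious use of SetWindowsHookEx", 4400),
    ("Suspicious use of SetWindowsHookEx", 4400),
]


def sample_process_tree(processes, sample_name):
    """PIDs that belong to the sample: every process whose command line names
    the submitted file, plus all of their descendants via parent_pid."""
    children = {}
    for p in processes:
        children.setdefault(p.parent_pid, []).append(p)
    stack = [p.pid for p in processes if sample_name.lower() in p.cmdline.lower()]
    tree = set()
    while stack:
        pid = stack.pop()
        if pid in tree:
            continue
        tree.add(pid)
        stack.extend(c.pid for c in children.get(pid, []))
    return tree


def attribute_signatures(hits, processes, sample_name):
    """Split hits into (sample_hits, ambient_hits); each maps a signature
    name to the set of PIDs that raised it."""
    tree = sample_process_tree(processes, sample_name)
    sample_hits, ambient_hits = {}, {}
    for name, pid in hits:
        bucket = sample_hits if pid in tree else ambient_hits
        bucket.setdefault(name, set()).add(pid)
    return sample_hits, ambient_hits


if __name__ == "__main__":
    sample_hits, ambient_hits = attribute_signatures(SIGNATURE_HITS, PROCESSES, SAMPLE_NAME)
    print("Raised by the sample's process tree:")
    for name, pids in sample_hits.items():
        print(f"  {name}: PIDs {sorted(pids)}")
    print("Raised by ambient VM processes (verify before counting them against the sample):")
    for name, pids in ambient_hits.items():
        print(f"  {name}: PIDs {sorted(pids)}")
```

Run against this report's data, the sample bucket contains only "Suspicious use of SetWindowsHookEx" from PID 4400; both registry signatures and the OpenWith.exe hook land in the ambient bucket. Ambient hits are not necessarily unrelated to the sample (a dropped payload started through a service would show up there too), which is why the split is a review aid rather than a verdict.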