Analysis
-
max time kernel
126s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20221111-es -
resource tags
-
submitted
27/12/2022, 18:44
General
-
Target
LauncherFenix-Minecraft-v7.exe
-
Size
397KB
-
MD5
d99bb55b57712065bc88be297c1da38c
-
SHA1
fb6662dd31e8e5be380fbd7a33a50a45953fe1e7
-
SHA256
122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
-
SHA512
3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17
-
SSDEEP
3072:puzvch1rugYc4wqYSRR756K7ItBjgXHUYCnlK:Wch1aIqYSRVM+unlK
Score
10/10
Malware Config
Signatures
-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazar/Team9 Backdoor payload 7 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 6 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of FindShellTrayWindow 49 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Java\jre7\bin\javaw.exe"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"2⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6464f50,0x7fef6464f60,0x7fef6464f702⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1048 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1680 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3376 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3608 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3660 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3812 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3908 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3756 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3736 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3656 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4268 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4256 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4460 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4188 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4468 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4092 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4296 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4180 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=780 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3656 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4724 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3948 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3488 /prefetch:82⤵
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1040,13530266472614487960,13681051728299007396,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3952 /prefetch:82⤵
- Loads dropped DLL
-
-
C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe"C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\jds7193237.tmp\jre-8u351-windows-x64.exe"C:\Users\Admin\AppData\Local\Temp\jds7193237.tmp\jre-8u351-windows-x64.exe"3⤵
- Executes dropped EXE
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
26.4MB
MD501eadcdf5dff5610d60d750c67839f31
SHA1659d09bacd0f57002eaf5d91e2977365e813c1b4
SHA256e485e7ded3728a38436063c2add08afd6e6e2e6fa5381215159a830818dfee77
SHA51241cb083d3d0bf581cbb305705a3733b018964f8e090290e576f83242fcbb1e6cf2c34c20271e3ce75e01b2dc7467b4c80fb31f30eff38a70fd1305becd86311f
-
Filesize
3KB
MD55b758fbb3dbd968a8ccd18403ec20d2c
SHA15daa8448b01a6d6df9f477ddfdc10f1611e3c74e
SHA2565ebb0151351da5b4f176aa98899b7a8fea67369cb29a902fb877405b35c447d0
SHA51221b80345f7675511130b2ec679fac3905836d4e50f4efbd6252916ac7957772b6db1c9c27a8dad27e0a6a9388712d72e869e616e94a627fe6b5e13c26a13b44b
-
Filesize
61.3MB
MD531300d5a0e2e7ef983b45c1c14959dae
SHA1dc516d4db34ff6eddf703622f0c0d4febbeb76e8
SHA256de0f571f6afc797b77aaf4662f2a1a07a6a1abb4f96d0ce0dd1dc9f5a29bd221
SHA512db1679a17f9b1eb81ac99833ae9da8d6ba59fd179776a7c851d586d07e9fba3db635aab2002b744bebef1ca12755a5394e8106e19b942e75967b69ed2f398f2a
-
Filesize
34.2MB
MD5caa42489da32cef8b79b6618a0a9ca7f
SHA11ce30232fd80aef38ba8dd14d682666635fa3101
SHA256ed1d50e9db268146f9e0f766a86696cee4a809a714ca047979551395bd51260f
SHA512c716890e33aeb1ff2296db77ea67fa5142c82596f8f2590234ab97e41f4fc2a881c7d9bba882a79a2611b451e74a30ff2b27ab0dc1a74d392b47cf0d7c6beb5c
-
Filesize
34.3MB
MD585bf1bedab0526f60427cf2a1d3d6e16
SHA195932f7dc915444e37e120bfb538dc757aa4b118
SHA256b299feb83139e2febd189639cf19010ced1398fa46da12ddaf8b778500835658
SHA512f375436ee3d01f91e291a1549873e6b23dbd604a8a859120a32e533c05912241b422d6ca6cc557c5f08e5048e7da48c33fe7656912461eacc14b49fac33a2a82
-
Filesize
59.2MB
MD50909f971f64af1edf4645f63bd27f20a
SHA1b0df70acb08e369455bd9fa432bbb7c3e8555977
SHA25629c7f655df37d253072f96f5bdbcde9ce385429d2c68fe8d50041b45c371ae7f
SHA51252bdb0cf8a545e42a2a33efdc7e8733cd1bb99f83ad23abd275392b8261fa2b222fab99129db0199f8550910f48318e251ca1d4e08fb3fd73d1877e991892c8a
-
Filesize
61.3MB
MD562407bc2558ac07efc4bff94668b4d2d
SHA105f0229275978a9299e578039fec60129808f011
SHA256604eab42d69d63c3f93f7d5abbc51c0e810585ea1569636f33edeece1f71528f
SHA512b51d4feef8db1dd6c0545ca7616784558b4fe8a439ee5f33734b272cafc26841b409da010c46cffaf3a67fb962d123be531fe60dbe9c3fa3cb0a55bfa99d7a4b
-
Filesize
61.0MB
MD515d5720a3d5ffe803b72e46d5e3236e7
SHA1fc20296c76072a50ace5f55e016a3c06880a4e18
SHA2569d74b446616a895c36964e09b258ac4fc0c563f11d61b556b7b32706e4b73552
SHA512500bf101e9216f096c9a875fd17d2976b7fdb182524f35920c5bf6d27d5afbba0a84234dc8487a76b49fc23bb8babd48e0f1bdfd6a7e0bdaa5ac243b4ee044d9
-
Filesize
60.9MB
MD5f1c9e2625565d9c24c05aede072172e9
SHA10c15664fcd4665f12670b8a696f1777cff7c0748
SHA25690d24335c76aa83cf5b9816caacd4fd2234bd2161533bbc765f8125ed7bf563e
SHA5121882ab456ac96b39230c9f97bbd4d5c62356d3fa65604ceb45bb38723ec0081eb89e32fe2a92578df07941ab9282147ab52e46d25ffe92c6487f824a79af9f58
-
Filesize
8KB
-
Filesize
40KB
-
Filesize
48.0MB
-
Filesize
40KB
-
Filesize
40KB
-
Filesize
48.0MB
-
Filesize
8KB