Analysis Overview
SHA256
122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
Threat Level: Known bad
The file LauncherFenix-Minecraft-v7.exe was found to be: Known bad.
Malicious Activity Summary
BazarBackdoor
Bazar/Team9 Backdoor payload
Executes dropped EXE
Downloads MZ/PE file
Loads dropped DLL
Drops file in Program Files directory
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-01-04 23:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-01-04 23:55
Reported
2023-01-04 23:58
Platform
win7-20221111-en
Max time kernel
116s
Max time network
153s
Command Line
Signatures
BazarBackdoor
Bazar/Team9 Backdoor payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7184142.tmp\jre-8u351-windows-x64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Java\jre7\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre7\bin\javaw.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
C:\Program Files\Java\jre7\bin\javaw.exe
"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb184f50,0x7fefb184f60,0x7fefb184f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb184f50,0x7fefb184f60,0x7fefb184f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1096 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1268 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1076,15164041401451672592,8114248488434461488,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1088 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1672 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1076,15164041401451672592,8114248488434461488,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1380 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3292 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3532 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3636 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3876 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3908 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3888 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3940 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4112 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4880 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4796 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5012 /prefetch:8
C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe
"C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe"
C:\Users\Admin\AppData\Local\Temp\jds7184142.tmp\jre-8u351-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jds7184142.tmp\jre-8u351-windows-x64.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,8659932165450911825,14944044404207856699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| N/A | 8.8.8.8:53 | www.dropbox.com | udp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 8.8.8.8:53 | files.launcherfenix.com.ar | udp |
| N/A | 172.67.153.84:443 | files.launcherfenix.com.ar | tcp |
| N/A | 8.8.8.8:53 | launchermeta.mojang.com | udp |
| N/A | 13.107.237.67:443 | launchermeta.mojang.com | tcp |
| N/A | 8.8.8.8:53 | profile.launcherfenix.com.ar | udp |
| N/A | 172.67.153.84:80 | profile.launcherfenix.com.ar | tcp |
| N/A | 8.8.8.8:53 | iniciolauncherfx.tumblr.com | udp |
| N/A | 74.114.154.18:80 | iniciolauncherfx.tumblr.com | tcp |
| N/A | 74.114.154.18:443 | iniciolauncherfx.tumblr.com | tcp |
| N/A | 8.8.8.8:53 | assets.tumblr.com | udp |
| N/A | 8.8.8.8:53 | px.srvcs.tumblr.com | udp |
| N/A | 192.0.77.40:443 | px.srvcs.tumblr.com | tcp |
| N/A | 192.0.77.40:443 | px.srvcs.tumblr.com | tcp |
| N/A | 192.0.77.40:443 | px.srvcs.tumblr.com | tcp |
| N/A | 192.0.77.40:443 | px.srvcs.tumblr.com | tcp |
| N/A | 8.8.8.8:53 | static.tumblr.com | udp |
| N/A | 192.0.77.40:443 | static.tumblr.com | tcp |
| N/A | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 8.8.8.8:53 | accounts.google.com | udp |
| N/A | 172.217.168.238:443 | clients2.google.com | tcp |
| N/A | 142.251.36.45:443 | accounts.google.com | tcp |
| N/A | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| N/A | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 216.58.208.110:443 | apis.google.com | tcp |
| N/A | 216.58.208.99:443 | ssl.gstatic.com | tcp |
| N/A | 142.251.36.14:443 | tcp | |
| N/A | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| N/A | 142.251.36.14:443 | tcp | |
| N/A | 142.251.36.14:443 | tcp | |
| N/A | 142.251.36.14:443 | udp | |
| N/A | 95.101.74.134:443 | www.java.com | tcp |
| N/A | 95.101.125.213:443 | www.oracle.com | tcp |
| N/A | 147.154.233.124:443 | tcp | |
| N/A | 69.192.64.212:443 | c.oracleinfinity.io | tcp |
| N/A | 69.192.66.17:443 | static.ocecdn.oraclecloud.com | tcp |
| N/A | 216.58.208.110:443 | udp | |
| N/A | 216.58.208.106:443 | content-autofill.googleapis.com | tcp |
| N/A | 142.251.36.14:443 | play.google.com | tcp |
| N/A | 142.251.36.14:443 | udp | |
| N/A | 23.222.18.199:443 | tcp | |
| N/A | 95.101.125.213:443 | www.oracle.com | tcp |
| N/A | 147.154.233.124:443 | tcp | |
| N/A | 13.227.219.40:443 | consent.trustarc.com | tcp |
| N/A | 173.223.112.132:443 | tcp | |
| N/A | 13.36.218.177:443 | oracle.112.2o7.net | tcp |
| N/A | 13.227.219.40:443 | consent.trustarc.com | tcp |
| N/A | 95.101.74.215:443 | tcp | |
| N/A | 23.72.252.160:443 | tcp | |
| N/A | 69.192.64.212:443 | tcp | |
| N/A | 147.154.233.124:443 | tcp | |
| N/A | 147.154.233.124:443 | tcp | |
| N/A | 147.154.233.124:443 | tcp | |
| N/A | 147.154.233.124:443 | tcp | |
| N/A | 69.192.71.29:443 | tcp | |
| N/A | 69.192.71.29:443 | tcp | |
| N/A | 2.20.8.83:443 | sdlc-esd.oracle.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 142.250.179.206:443 | sb-ssl.google.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| N/A | 23.65.205.24:443 | javadl-esd-secure.oracle.com | tcp |
| N/A | 8.8.8.8:53 | rps-svcs.oracle.com | udp |
| N/A | 23.65.205.24:443 | rps-svcs.oracle.com | tcp |
Files
memory/1992-54-0x0000000076411000-0x0000000076413000-memory.dmp
memory/2020-55-0x0000000000000000-mapping.dmp
memory/2020-56-0x000007FEFC4E1000-0x000007FEFC4E3000-memory.dmp
memory/2020-67-0x0000000002180000-0x0000000005180000-memory.dmp
memory/2020-69-0x0000000000280000-0x000000000028A000-memory.dmp
memory/2020-68-0x0000000000280000-0x000000000028A000-memory.dmp
memory/2020-70-0x0000000000530000-0x000000000053A000-memory.dmp
memory/2020-71-0x0000000000530000-0x000000000053A000-memory.dmp
memory/2020-72-0x0000000000530000-0x000000000053A000-memory.dmp
memory/2020-74-0x0000000002180000-0x0000000005180000-memory.dmp
memory/2020-75-0x0000000000530000-0x000000000053A000-memory.dmp
memory/2020-76-0x0000000000530000-0x000000000053A000-memory.dmp
memory/2020-77-0x0000000000530000-0x000000000053A000-memory.dmp
memory/2020-78-0x0000000000530000-0x000000000053A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 13996aa3ec9f8dbe7e64bc0730e33763 |
| SHA1 | 57b69eeb6c656a4caad21b86b67815a5729e3ab1 |
| SHA256 | a2baaec15a6ad1d0ca97f0644ec9a54b636327f34b76f37f6988fd1cf43f17d0 |
| SHA512 | 70c988c4441a6ff4f40e84e825c916b3c850712acc23d83d866959af4b22aa95918d654293ad1ae8cbc1d431a763ba7e6f8e764aa93758b2a2eba3994d13e076 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 13996aa3ec9f8dbe7e64bc0730e33763 |
| SHA1 | 57b69eeb6c656a4caad21b86b67815a5729e3ab1 |
| SHA256 | a2baaec15a6ad1d0ca97f0644ec9a54b636327f34b76f37f6988fd1cf43f17d0 |
| SHA512 | 70c988c4441a6ff4f40e84e825c916b3c850712acc23d83d866959af4b22aa95918d654293ad1ae8cbc1d431a763ba7e6f8e764aa93758b2a2eba3994d13e076 |
\??\pipe\crashpad_1472_JPETGVKQJPIWETTQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 13996aa3ec9f8dbe7e64bc0730e33763 |
| SHA1 | 57b69eeb6c656a4caad21b86b67815a5729e3ab1 |
| SHA256 | a2baaec15a6ad1d0ca97f0644ec9a54b636327f34b76f37f6988fd1cf43f17d0 |
| SHA512 | 70c988c4441a6ff4f40e84e825c916b3c850712acc23d83d866959af4b22aa95918d654293ad1ae8cbc1d431a763ba7e6f8e764aa93758b2a2eba3994d13e076 |
\??\pipe\crashpad_1048_YJYZWRFTPSYDCLQM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 13996aa3ec9f8dbe7e64bc0730e33763 |
| SHA1 | 57b69eeb6c656a4caad21b86b67815a5729e3ab1 |
| SHA256 | a2baaec15a6ad1d0ca97f0644ec9a54b636327f34b76f37f6988fd1cf43f17d0 |
| SHA512 | 70c988c4441a6ff4f40e84e825c916b3c850712acc23d83d866959af4b22aa95918d654293ad1ae8cbc1d431a763ba7e6f8e764aa93758b2a2eba3994d13e076 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 89cbb607d46fe9659cd21ef0ad0c3072 |
| SHA1 | 074f48f3c9035dde37ce2e68299afc48d8daa53c |
| SHA256 | 9c68a9ee3284471db94e09e5b4098baf54202fe9fc1b208b79f85bb81a0d59a0 |
| SHA512 | f6c10565c04bb6cb9ed88817bc445311d359576bc60346dafd71418927bbed43f5a6181003af581293d947807dfe2fdce2e41d09b4d30bb9986c496912b7b1af |
\Users\Admin\Downloads\jre-8u351-windows-x64.exe
| MD5 | a31934ccd73f7a7e8577760da875122a |
| SHA1 | 826a92c1cc6f700747e029851cc595ee4d26e306 |
| SHA256 | e49b02f51d1261ea1dc84f9c703a618f4de9bfde5d35e621152b3b90676a7b07 |
| SHA512 | 7086e37c9340f7fbef046c2d4647f3941b7858674cd0992f25ecbbf3ab1b0eb3f5c8e15f586b20dd2a7c4e8aadc681ca4ad44a9d569c6fc43d25e948f3aafd86 |
memory/2644-87-0x0000000000000000-mapping.dmp
C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe
| MD5 | 1e1753853ed61c76568d6b4b3e16fb61 |
| SHA1 | b547a534b049b43a92bb9071a8430c9b909c4927 |
| SHA256 | ce295a08f82a1a3ad94178cfed857ddb9e130bb90982776c8c63ccfeac518647 |
| SHA512 | 02aaa923ae1ec424c4d2c353f95a4aa470808dc8b1fce7c3cb31ed551dc779fbf3a71a67bfdde07cfeed464d0e8a5a932d577357c30ab8e5c060ed784971aba7 |
\Users\Admin\Downloads\jre-8u351-windows-x64.exe
| MD5 | 8fe645033839de468330d414f8f05c72 |
| SHA1 | 9ebf7c9964e221366ea3eb6fd94ea1750ce89b24 |
| SHA256 | 6fa0e1984f12a3c6ddfe39d64464eb62bdb8594515b2d5cd2a50316ecda0b255 |
| SHA512 | 932d4053f06430b5b25e17e2b2150fe1824d16532efeed3f927b7ffa7d95b69988ecdeb7b737927e99e3e5d708241e33b237d12d13c8220114b1959782c57615 |
\Users\Admin\Downloads\jre-8u351-windows-x64.exe
| MD5 | 8c5a37b26cf624811057c5590b253a1c |
| SHA1 | e371535891e654823cce2fa663eb6c312deb7dbd |
| SHA256 | bf2b49b7091460e80038421e232e8dfec5d3c83c38b0ab56484ef77baaaafeab |
| SHA512 | 805b027c37d470731d375f0dbb86ec1c6f6068481d64d8e6fd58b04d6c2802252fa1da10eaf83573f23c6c96cab25cad9ecd901f8fec7241cd7d3600e8f925a6 |
\Users\Admin\Downloads\jre-8u351-windows-x64.exe
| MD5 | 9631fe4868ddf75350166c7a5ac4352c |
| SHA1 | 77116e0ae4c5f44097d286f868e1d779874392a5 |
| SHA256 | 194ac9c3c58db39b0cc84f5aaf59219972b8d56a957e6740d4a95c52f76b321c |
| SHA512 | f236f98affd50bc6c64ddeffac51f8ce918fba3952f924bde4fe69aad4d0ff4752bcffd2f42e5d7a087cca669266a3d76ed3c2a63ee36c5e9e24afee2a57102a |
\Users\Admin\Downloads\jre-8u351-windows-x64.exe
| MD5 | d9078228f0d30886b1065e70285edc70 |
| SHA1 | fd636bc898feb369a0b2201638a63f4a13710b86 |
| SHA256 | 814bbb0b2d335a74426e0a7e9679d313b9327daca8bae94e4bf175c8103fabe2 |
| SHA512 | b1644f0612365545a02bc65b9c4952295bcb9ef5176799499592d6fd271f5a608e8993448c1715ca093a2f6108dddfc9e92ecc238e19536b599a8ae48b244e14 |
\Users\Admin\AppData\Local\Temp\jds7184142.tmp\jre-8u351-windows-x64.exe
| MD5 | 10924c52c69aca20a976617690858a1c |
| SHA1 | 4868e4c78264dc5e46ad5554e4c9dd9d92daea1c |
| SHA256 | 733ca00e4d3b54ea04353df6a1a972f7e23bdb7e64ae85582999d13878c62386 |
| SHA512 | c737381747287817dacb64f4d6529a98fce978c4bc6036b71b67d69275657ff3aec4dfcf3e78fab914d3527e49455ccccfe2dfedef65cf9c80e177da667c6273 |
C:\Users\Admin\AppData\Local\Temp\jds7184142.tmp\jre-8u351-windows-x64.exe
| MD5 | 92b9b7ba1d04c3ce6557f3033f0199b3 |
| SHA1 | 114530cc045167c702cf24ee6061155aa3c1dae2 |
| SHA256 | a5e7bfd776674f3558590866af1d3c04a39fabd31384a0ac8e3f4b3e4fa79f8b |
| SHA512 | 8be067aaa8a5af15e8c267160abeedb6294ad28b616394022b0f36a9e56ef867d32902690634dddc43bbc4b38ad59ec3a6895abb41e8335cbe289b1d95549a3d |
memory/2816-94-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 0fedcf98fe85cabb65354a0f10110ba0 |
| SHA1 | 6a0ee850de6d060cb86a75746dbfe4a05bee265a |
| SHA256 | 63094b2fdb194fcf0c6272d753f9ccd64b9e63f04bc4e94d2099bd4098d918c2 |
| SHA512 | e021230b6f962af3708f3f7a848059363d9833f2925f706b0d0003184222f7d3d8c2df86de240acdb698262986f6bedeb01bdab2fb478de279ca213f217fc33b |
C:\Users\Admin\AppData\Local\Temp\jds7184142.tmp\jre-8u351-windows-x64.exe
| MD5 | 577d41bb8a39e48187ddc81b3160308b |
| SHA1 | 5d3c90d09b656095b223d1395677835a05a1020f |
| SHA256 | 593c14f8f20685b9cf380b4631160e2886742a3ccc0e9ffeb8f5b68625972ba2 |
| SHA512 | 0696706d1df2fa64388d00d4ee7b1f01c1ac33c31fe311399c36a091e3c8c2cfbdd37b88d5654804dba4c3d0518859cdb1ea49e97175d5e777420740dcc88a61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | fc4666cbca561e864e7fdf883a9e6661 |
| SHA1 | 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5 |
| SHA256 | 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b |
| SHA512 | c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e885a1b6bf299be5cd7518e17150f9e1 |
| SHA1 | 0b55ad0903d77d3ae5b02cac900af844c672d899 |
| SHA256 | 2f29941ab7c9a851ee0c5129e84932acb8730d7b8d1f39fbd7df054de2a73cb0 |
| SHA512 | 509894e521beff49bfb13ab09301ce8deb9bf8a243207d9bff44b620de18c5d06188989398426cd2de20be1ca36e863204336ae6e4d0a54be4b7fc6740f1deb6 |
\Users\Admin\AppData\Local\Temp\jds7184142.tmp\jre-8u351-windows-x64.exe
| MD5 | abc7b0bf2de449d7ef5303efbad983b4 |
| SHA1 | a4784e1874872c6be9a6157c40aedcb802a3c9ac |
| SHA256 | a45a8b04d0cc86ca24beb0637fca868152a75dbd0a69264cdfee5c16db963bed |
| SHA512 | 0df0d0d039b024393f73ed8fb2dd62333de41eb3b8dd0cb2b0e48dfa18a9f78187858879daf6f68e315091e294004ab6d638256f6a418a709cf789e2e0fe1265 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-01-04 23:55
Reported
2023-01-04 23:58
Platform
win10v2004-20221111-en
Max time kernel
91s
Max time network
150s
Command Line
Signatures
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4246620582-653642754-1174164128-1000\{A25F57E9-E7B4-4D32-9473-F1C65DC948A8} | C:\Windows\system32\svchost.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2620 wrote to memory of 4724 | N/A | C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe |
| PID 2620 wrote to memory of 4724 | N/A | C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
Network
| Country | Destination | Domain | Proto |
| N/A | 8.253.208.121:80 | tcp | |
| N/A | 8.253.208.121:80 | tcp | |
| N/A | 104.80.225.205:443 | tcp | |
| N/A | 20.189.173.12:443 | tcp | |
| N/A | 8.253.208.121:80 | tcp | |
| N/A | 8.253.208.121:80 | tcp | |
| N/A | 8.253.208.121:80 | tcp |
Files
memory/4724-132-0x0000000000000000-mapping.dmp
memory/4724-140-0x0000000002600000-0x0000000003600000-memory.dmp