Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

LauncherFe...v7.exe

windows7-x64

5

LauncherFe...v7.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    236s
  • max time network
    245s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2023, 03:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LauncherFenix-Minecraft-v7.exe

  • Size

    397KB

  • MD5

    d99bb55b57712065bc88be297c1da38c

  • SHA1

    fb6662dd31e8e5be380fbd7a33a50a45953fe1e7

  • SHA256

    122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

  • SHA512

    3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17

  • SSDEEP

    3072:puzvch1rugYc4wqYSRR756K7ItBjgXHUYCnlK:Wch1aIqYSRVM+unlK

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 19 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 46 IoCs
  • Suspicious use of SendNotifyMessage 45 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
    "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1412
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://launcherfenix.com.ar/wope/register/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1708
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1392
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
    1⤵
      PID:964
    • C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
      1⤵
      • Drops file in System32 directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:836
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1784
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:524
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x56c
        1⤵
          PID:440
        • C:\Windows\System32\control.exe
          "C:\Windows\System32\control.exe" SYSTEM
          1⤵
            PID:336
          • C:\Windows\SysWOW64\DllHost.exe
            C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
            1⤵
              PID:1260
            • C:\Windows\explorer.exe
              "C:\Windows\explorer.exe"
              1⤵
                PID:1928

              Network

              MITRE ATT&CK Enterprise v6

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/836-77-0x000007FEF28A0000-0x000007FEF32C3000-memory.dmp

                Filesize

                10.1MB

                Download

              • memory/836-81-0x0000000003F88000-0x0000000003FA7000-memory.dmp

                Filesize

                124KB

                Download

              • memory/836-80-0x0000000003F88000-0x0000000003FA7000-memory.dmp

                Filesize

                124KB

                Download

              • memory/836-79-0x000000001D900000-0x000000001D919000-memory.dmp

                Filesize

                100KB

                Download

              • memory/836-78-0x000007FEED880000-0x000007FEEE916000-memory.dmp

                Filesize

                16.6MB

                Download

              • memory/964-75-0x0000000071251000-0x0000000071253000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1412-54-0x0000000075771000-0x0000000075773000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1732-70-0x0000000005390000-0x000000000539A000-memory.dmp

                Filesize

                40KB

                Download

              • memory/1732-73-0x0000000002060000-0x0000000005060000-memory.dmp

                Filesize

                48.0MB

                Download

              • memory/1732-69-0x0000000000250000-0x000000000025A000-memory.dmp

                Filesize

                40KB

                Download

              • memory/1732-68-0x0000000000250000-0x000000000025A000-memory.dmp

                Filesize

                40KB

                Download

              • memory/1732-67-0x0000000002060000-0x0000000005060000-memory.dmp

                Filesize

                48.0MB

                Download

              • memory/1732-56-0x000007FEFB6A1000-0x000007FEFB6A3000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1784-83-0x0000000140000000-0x00000001405E8000-memory.dmp

                Filesize

                5.9MB

                Download

              • memory/1784-84-0x0000000140000000-0x00000001405E8000-memory.dmp

                Filesize

                5.9MB

                Download

              • memory/1784-85-0x0000000140000000-0x00000001405E8000-memory.dmp

                Filesize

                5.9MB

                Download