122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

Analysis

max time kernel
75s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/02/2023, 02:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

LauncherFenix-Minecraft-v7.exe
Size

397KB
MD5

d99bb55b57712065bc88be297c1da38c
SHA1

fb6662dd31e8e5be380fbd7a33a50a45953fe1e7
SHA256

122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
SHA512

3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17
SSDEEP

3072:puzvch1rugYc4wqYSRR756K7ItBjgXHUYCnlK:Wch1aIqYSRVM+unlK

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1940	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1940	AUDIODG.EXE
Token: 33	1940	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1940	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1988	javaw.exe
1988	javaw.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1988	2040	LauncherFenix-Minecraft-v7.exe	28
PID 2040 wrote to memory of 1988	2040	LauncherFenix-Minecraft-v7.exe	28
PID 2040 wrote to memory of 1988	2040	LauncherFenix-Minecraft-v7.exe	28
PID 2040 wrote to memory of 1988	2040	LauncherFenix-Minecraft-v7.exe	28

C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1988

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:816

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x578
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
363KB

MD5
86641b98e39cbb77824e24b7336015ed

SHA1
1f05631b4c8bf6fd71c26443b47018d14f675a10

SHA256
9a6b21880f546653eac0c65cd888b95fb80c2caaca4d097cec74aa77e5c443c8

SHA512
d912f78713882743152c12534313be9bdb691af5bb7cdfc4c71c827ea57ae050b08d75f06d3a49366e5d31f6792d6f8d89354ac1e875a0f2e7ece2a765889cb1

Download Submit
C:\vcredist2010_x64.log.html

Filesize
87KB

MD5
9386d1f99c63b52d01a8ffd72bd40a80

SHA1
11c57b74b84f6626cf8c810ec953f7fcd59b9a57

SHA256
3ff29869daeb828e4d677f80899ba36304d76041dd917e6709821a21e04eceb1

SHA512
fdbafad1234a5feefb9ee9db4c8d21752a5f1d5aace39d391e147030e9f63821c80bd645ea83f0bd0ce997cec293f70409043b20969ae5bce5924cc6cbb60ae3

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

Filesize
379KB

MD5
11a4952950289ff4267804a87e80fd11

SHA1
2e73ddde0f4e5aa24684e8c602909301683cf75f

SHA256
595ad59f7ecb4d10ff60a33264796c75f656d532bd64237c9c94176191b60240

SHA512
941225ee4a5a53324e0f80f0f05a8f8ba384a602aafbe335ed081cd52114769593bc3aa93b5a07866c1defefc5ceb67d9eea99babfcb69edc75475f03eb57eb1

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
c83143fcd5b040ad94cb0698f520d079

SHA1
b0483969b6196afc592c8d5231df38727b69679c

SHA256
df00cb71ddc1511032f5072f139fdb779bb6bfd41fc90b314c02bff70c238f0f

SHA512
00b7fe0f002489a7f5aa8664a7ad7ae851b3a77ed66b279b5c111a0609d3b273765fab473224cdd1b872395ba01d129c2fa4b1c5ad6e3af3cadf24ad3cd7e12f

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
165KB

MD5
a2d5b6b1f983a431c26654fd2ce14a18

SHA1
1d6c90fa34c87044f99d2cae6ad95b5ad32970ac

SHA256
6ee84612f5fff987a0163f94db46fca4838d7d094e864c409f51756250a38a0a

SHA512
3c86b80b3a9dfd547c4e1ecb6fe7db1ef28e7241e6494929d240d11ba47117584a54591c28d5917ca7712e1990cd2552b8e1394f1733ee3959d998b4ed86c426

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
193KB

MD5
e5a4efd96746cc5b331ca33c005a1c7a

SHA1
916b5f8e6356bfb17ef868ee5c218c0e7cce8aea

SHA256
d2782d2d1598de499b8490d7201b0be70a1aa7bea00009bf310ec8db06413f67

SHA512
d8ffa38591910dc15a24ee4f19f3b4a9534d2a7bd219ec0fa1b4107b45c87f03d5446b95ee8bf627ceaad1dd7c078c91ee71dc05d69bd619b27915c5efed4aeb

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
168KB

MD5
1e3280aeaa0b6549bcb1688348396111

SHA1
c522528493c174f884bd032673cee27f06944a84

SHA256
2bbef2d06c4195a67d0a7309848ab1f8e15c74df9240d78077770e062223b795

SHA512
e908074de5b32e1db8bfa2a998ed3a9fb81d7a639edb78369edcda522be021fffac12e8c89fe43652f1f87028c8e3fa7049a8e133db5659906737def762b4ec7

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
206KB

MD5
6f0c8786d6115af040feb4e0fccacaa6

SHA1
995829bd8e4bb0de4486f3e34d7d4edae8712c7a

SHA256
a3f7a7dcbcb4751c8338eab106d394ceee5cb9f08f6b910c221a60496b6815f4

SHA512
3c3c2e194f77483026fea1406f9fa3b7ffa572205595a58c3908d043d9d99e00e364bff9ab761b53785b617aede0454c57ae13fbe43adb07a08e3fdb5c084118

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
167KB

MD5
ab1238d5369fc481a3663040eba52435

SHA1
c24ccd6e80c13b4cd1ffb68edc94291304d1a170

SHA256
3096854be18127d19e8568d4c257491284dd403e62d48112ffb4895fafa67dd5

SHA512
aab32569b0ceda344ef5a888959139380316cca47d39435ac4aa517e856874106038a278375a4b50b80c380a33413b4f2c3d894f23082097f1dd44df2492a068

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
188KB

MD5
7adc3c8aad9773103a83c1b842450992

SHA1
0f399b1f05af5ebbb6d2c6753267efa6c4074d07

SHA256
6d1a70f7c7c0f0c19f8bc13c852163e26acfe132b0529e5eae0da8373edfa836

SHA512
6262dd3110a6f1f20508b267aab57194c5be5675445f169d81d4cdd49b425a3d21c0e1b678b28f9d009be02a711a5013cbb0922a91c055e65a5f6f2d58efeabe

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
168KB

MD5
b84ac4592205d3d53ad4643c7837f441

SHA1
79293c3409cca25c43c0e402842180f00827a26a

SHA256
068ff01bfee70efb85cd65f6266314de293c9c56171944b8e1b68873bbbd18f9

SHA512
f1d0f92e09f3d633c6026f55e67a487c63f7e91fc4a2ca061669ec843b21768b582fb6dbc465491e32f4e85b8035a17c9a1a3058acbb439ebe552bbdb0d0576c

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
196KB

MD5
3e09e308f1c44fb2ac5448aa4aaaad3b

SHA1
7fc8dace1e044670102905d7e8ab84b91059e35b

SHA256
61c270b7b17740560d21e004348f24fd39c30e0819a6cec511125023a8add4e2

SHA512
5e9af4185048ed7dee36ac3fca3ae5e0696c503555fc17493435d75299cdc1e1bb5a6ed109228e859464e3cd9a96cc0e9a0028be8b92eee4e2faff3dcbb39a66

Download Submit
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

Filesize
121KB

MD5
9b3d85161315eb6032694cccc98aca87

SHA1
6045e13203debb8cff011295b9b657ddf3134fd4

SHA256
63369801174fe1555058b256b745a2c5128aade4163c6b57466d175783277dc7

SHA512
e52c7eebbf4346431445fa26c5cbe573a3e97bb3c027308ef542e8c9017e01af948bbb2ec74f4d385e24ccb35224082dd0b9dfd026a84ace5ede71c41db89861

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
127KB

MD5
3e8e9809cbbe48d8a2bb692817ec5126

SHA1
40f9388fc571823ba041845b0bad28fa046a4f77

SHA256
16af5429921ebe1212d4880e3d211fc879130f012fcaf47f3a1e83d27b309416

SHA512
6797dfb6029c28e3efa9e7abcfd1d32a1e690516ec9ee028835c062335de1102ba013c182f02898a4de2c416440872be6df5716fc71ebc558c77cdbefcddbc85

Download Submit
C:\vcredist2022_x86_001_vcRuntimeMinimum_x86.log

Filesize
121KB

MD5
40e41aa45d75db95d32655074114d8f6

SHA1
32125b56fa146d7aa25be2dde0169f5b2ff0146c

SHA256
d0a62f925eb9cc165bf1d9b6e18bbf91713c9a143b32fd9cd9b75bdc294d1d8c

SHA512
b63d66ed59afc25154bc79c45f11d21a812e1a4be551ec3da3d0c08ff199b261abf2f14d044304f519f616923d7b1aac1a57bfa7ab7c504e19333a8e6619405b

Download Submit
C:\vcredist2022_x86_002_vcRuntimeAdditional_x86.log

Filesize
133KB

MD5
c56ee71726926322a4f102f33ed0f4d1

SHA1
f6ece3f2a5a447b1df81d12e4693ec4980af623a

SHA256
57f045bfbf9ffc3fd49b85138883fb38d1ff5f1289c33c81a1cd5d1c83775e9f

SHA512
ef4caf72d4cdc3b48d607a20e293ded30454e4aabb25ac0d0178ed75d78f316d4f46e99f09ee8609a8949c350372a68e79adc49c7e3da63b42bd121215a057cc

Download Submit
memory/1988-74-0x0000000001FB0000-0x0000000001FBA000-memory.dmp

Filesize
40KB

Download
memory/1988-75-0x0000000005290000-0x000000000529A000-memory.dmp

Filesize
40KB

Download
memory/1988-73-0x0000000002140000-0x0000000005140000-memory.dmp

Filesize
48.0MB

Download
memory/1988-70-0x0000000005290000-0x000000000529A000-memory.dmp

Filesize
40KB

Download
memory/1988-68-0x0000000001FB0000-0x0000000001FBA000-memory.dmp

Filesize
40KB

Download
memory/1988-69-0x0000000001FB0000-0x0000000001FBA000-memory.dmp

Filesize
40KB

Download
memory/1988-67-0x0000000002140000-0x0000000005140000-memory.dmp

Filesize
48.0MB

Download
memory/1988-56-0x000007FEFC241000-0x000007FEFC243000-memory.dmp

Filesize
8KB

Download
memory/2040-54-0x0000000076651000-0x0000000076653000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads