Overview

overview

1

Static

static

1

LauncherFe...v7.exe

windows7-x64

1

LauncherFe...v7.exe

windows10-2004-x64

1

Resubmissions

19-03-2023 03:05

230319-dk76vagf8x 1

19-03-2023 03:02

230319-djmhraef46 1

Analysis

  • max time kernel
    75s
  • max time network
    333s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2023 03:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LauncherFenix-Minecraft-v7.exe

  • Size

    397KB

  • MD5

    d99bb55b57712065bc88be297c1da38c

  • SHA1

    fb6662dd31e8e5be380fbd7a33a50a45953fe1e7

  • SHA256

    122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

  • SHA512

    3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17

  • SSDEEP

    3072:puzvch1rugYc4wqYSRR756K7ItBjgXHUYCnlK:Wch1aIqYSRVM+unlK

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
    "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3664
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1260
  • C:\Windows\System32\GameBarPresenceWriter.exe
    "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
    1⤵
      PID:2260
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1512
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        PID:3096
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.0.1239820794\933625619" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20182bc8-257e-485e-af86-3caf19c755e8} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 1936 127bdeee758 gpu
          3⤵
            PID:1416
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.1.1902270083\1204388484" -parentBuildID 20221007134813 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0d67742-19a6-4aac-bca8-132080440d83} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 2328 127b0f72b58 socket
            3⤵
              PID:2552
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.2.873899317\96589579" -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3020 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9682d4be-f33d-47e4-a51a-c859475a0cd4} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 2900 127c1af2858 tab
              3⤵
                PID:4236
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.3.1679817189\2125201414" -parentBuildID 20221007134813 -prefsHandle 2796 -prefMapHandle 2684 -prefsLen 21397 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91c8840b-9e15-4096-a657-b72748ae5216} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 2820 127bdef0b58 gpu
                3⤵
                  PID:1740
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.4.1176902558\154546660" -childID 2 -isForBrowser -prefsHandle 3788 -prefMapHandle 3784 -prefsLen 26801 -prefMapSize 232675 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab11a73e-a048-485e-9c30-18a3990709dc} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 3800 127bef26758 tab
                  3⤵
                    PID:940
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.5.39668883\127026503" -childID 3 -isForBrowser -prefsHandle 3952 -prefMapHandle 3948 -prefsLen 26801 -prefMapSize 232675 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d4b8ea9-905a-4091-89c6-5e5da0826c66} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 3960 127b0f61c58 tab
                    3⤵
                      PID:2568
                • C:\Windows\system32\OpenWith.exe
                  C:\Windows\system32\OpenWith.exe -Embedding
                  1⤵
                  • Suspicious use of SetWindowsHookEx
                  PID:1440
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
                  1⤵
                    PID:2908
                  • C:\Windows\system32\werfault.exe
                    werfault.exe /h /shared Global\695c1101eeeb4c8ab590d66a864d2962 /t 236 /p 3096
                    1⤵
                      PID:4824

                    Network

                    MITRE ATT&CK Matrix ATT&CK v6

                    Initial Access

                    Execution

                    Persistence

                    Privilege Escalation

                    Defense Evasion

                    Credential Access

                    Discovery

                    Query Registry

                    1
                    T1012

                    System Information Discovery

                    1
                    T1082

                    Lateral Movement

                    Collection

                    Exfiltration

                    Command and Control

                    Impact

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      155KB

                      MD5

                      5a97601eded301ea62b2f2f69ccb4a4b

                      SHA1

                      4c79cfd7e3adcec95e8e2e9ff119c7c4e0588c43

                      SHA256

                      e1f5e396f05fd27070e393d5ba044963f146c90a01d65ad8ca978de70f55337a

                      SHA512

                      45c9112e04a4d78c647d86a1fc2d446900b8d21c3cc61306937750e365c8856a8de428f414cda82aac52c43a63943148314db750ade6f595df27b66641d42831

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\14534
                      Filesize

                      48KB

                      MD5

                      a9daec182e87f6f2d77647848fb9b009

                      SHA1

                      ff3cc4850b32ddda4b9fed66c41e5afdfbe0661a

                      SHA256

                      635cc510e88beb518d20ffd4d06ef79ac92ef8a1b2cdb6c59a0592d478f85fa3

                      SHA512

                      670e0ae735a61fa8f67d90366f4b231b66bcb0a5fc7e6b2e9a8664c35dd62c5a5467b2b1153082e6e04310bb5ac45fade3d80e0718a3e4c59655415791a80671

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\17351
                      Filesize

                      9KB

                      MD5

                      755adcdfdf371b8537c8b4d9ac2a656f

                      SHA1

                      ca83421ed352bc3fe055fc18f3195821e2dc5b59

                      SHA256

                      c5cde50ec44b232dd88e631cd26c5844eafa34abba04768c66928d0f8aada339

                      SHA512

                      4f7b65728f9304d71b2f731cc72eff3e832c48b10a6c61c474704c51934c27bb69faac1ef8f5e269a7a6b8f1b11d8c92dfa7b0bac8d45f5a15fd835aa476533d

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      701410ac8004ca24f132857792d33528

                      SHA1

                      28ccfab938ac49755b14de087654fa76951e2d44

                      SHA256

                      0944aa87d21a5f85a38e240f076be5bd21403a8e4aad02d5c6afb99e56fe30f7

                      SHA512

                      9e39fde9ef1efabf5ec0115f7f1cb6019b98c8f89d601b29f0cb5174a3f12d8c665e6bc24ee6ef77eccfa99629debee52fae612268c264769354425f7dc2f19b

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      77b84446a2faa675275dbeae171f548a

                      SHA1

                      275eafccfb166d2608ea4d698842160657645430

                      SHA256

                      419f0143e58f702990f7a2853e7f7ca1aaea2756fc89733cd6dc543d58173912

                      SHA512

                      4f8f10ac25aac69dabc2324aea89738a1badc8febb9ee9474278debdd78ce0895f5519232bee7269bd5edc1af4670c1a967d5467b3ee529878be2f91ebeb2546

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                      Filesize

                      7KB

                      MD5

                      0e48a29f58e1e417467cc051fec7be96

                      SHA1

                      d1bfdbfa3884d12bc5b87bde780ea9aa90190ae6

                      SHA256

                      b87f2b77e18dd22b117c1742cbe0151b43766251724fb22f233a7d094154ab56

                      SHA512

                      b9b5b09497ccf32577c60d305c87cc7c0a30c5422b32780a5fc47432b41af0721c76bed9134ddab288b1fc7f704dd0ec75e38c568faef7f1bc1941aa4925388e

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                      Filesize

                      7KB

                      MD5

                      ea2569cc5d2735587a681d92405bb962

                      SHA1

                      d3eb18ba0b516e411ead89cded56577b64f4f93e

                      SHA256

                      303ec456a4bf64e8bd3f0ef41a741e1558580322e84a47f508a1a4c9d8786ce8

                      SHA512

                      c011c13d4be7b5e7844592b32c0bfcfa33402cbc0a55e937ea041428dfbcd82af304bee6745f724afdfc5d425db3327279e4059b78b30727cca75fb60fa312f6

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      91d5e6016b70a404136e878eb7a1e928

                      SHA1

                      2684727b921a8ba74b7c4b475f211855b426c6f0

                      SHA256

                      7db855bbe6dd475d7d090b56e3332c14c2547b751c07847f77509b4459124f5c

                      SHA512

                      1ca16bd27c2d68cd5f1dac80e80fa79603f5a7cbcb9b491bfd5c50552656abf0e2be64356c3b72f274ba1d42a035e8a331fb16df7d26e217b24e1557822038c8

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      f73e52d124620d05267ba934f3b312d3

                      SHA1

                      34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30

                      SHA256

                      fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7

                      SHA512

                      4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      271B

                      MD5

                      c5f728c86c0fa8b17ba7036718ef8eb3

                      SHA1

                      17d6dad5d142561e1390e16044cf7fd0146e0d9f

                      SHA256

                      4f80c6d82d747da264a7dd74d088e2a8c1b4988018ec999b712c83b1b62190ac

                      SHA512

                      c8a310cdbb48b9417af10a70e095ad18247881dea6cd07340ae0cc8a0029d0d485384d7653d005298e4d66bdf5d77d4d9671213f4eafcfbc79cc65c4bdbc2cbd

                      Download Submit
                    • memory/1260-179-0x0000000000C30000-0x0000000000C31000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/1260-219-0x0000000000C30000-0x0000000000C31000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/1260-213-0x0000000000C30000-0x0000000000C31000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/1260-185-0x0000000000C30000-0x0000000000C31000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/1260-320-0x0000000000C30000-0x0000000000C31000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/1260-184-0x0000000000C30000-0x0000000000C31000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/1260-538-0x0000000000C30000-0x0000000000C31000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/1260-182-0x0000000000C30000-0x0000000000C31000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/1260-146-0x0000000000C30000-0x0000000000C31000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/1260-175-0x0000000000C30000-0x0000000000C31000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/1260-150-0x0000000000C30000-0x0000000000C31000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2908-235-0x000001C59CF40000-0x000001C59D669000-memory.dmp
                      Filesize

                      7.2MB

                      Download
                    • memory/3664-149-0x0000000000400000-0x0000000000462000-memory.dmp
                      Filesize

                      392KB

                      Download