Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3Feather La....9.exe
windows7-x64
6Feather La....9.exe
windows10-2004-x64
6$PLUGINSDI...er.dll
windows7-x64
1$PLUGINSDI...er.dll
windows10-2004-x64
1$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...64.exe
windows7-x64
7$PLUGINSDI...64.exe
windows10-2004-x64
7$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3Feather Launcher.exe
windows7-x64
5Feather Launcher.exe
windows10-2004-x64
5LICENSES.c...m.html
windows7-x64
1LICENSES.c...m.html
windows10-2004-x64
1d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1libGLESv2.dll
windows10-2004-x64
1resources/...up.exe
windows7-x64
1resources/...up.exe
windows10-2004-x64
1resources/elevate.exe
windows7-x64
1resources/elevate.exe
windows10-2004-x64
1vk_swiftshader.dll
windows7-x64
1vk_swiftshader.dll
windows10-2004-x64
1vulkan-1.dll
windows7-x64
1vulkan-1.dll
windows10-2004-x64
1$PLUGINSDI...ec.dll
windows7-x64
3Analysis
-
max time kernel
150s -
max time network
167s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
13/02/2024, 18:24
Static task
static1
Behavioral task
behavioral1
Sample
Feather Launcher Setup 1.5.9.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
Feather Launcher Setup 1.5.9.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/VC_redist.x64.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/VC_redist.x64.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Feather Launcher.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
Feather Launcher.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
LICENSES.chromium.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
LICENSES.chromium.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
d3dcompiler_47.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
ffmpeg.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral19
Sample
ffmpeg.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
libEGL.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral21
Sample
libEGL.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
libGLESv2.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral23
Sample
libGLESv2.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
resources/app.asar.unpacked/native/cleanup.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral25
Sample
resources/app.asar.unpacked/native/cleanup.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
resources/elevate.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral27
Sample
resources/elevate.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
vk_swiftshader.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral29
Sample
vk_swiftshader.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
vulkan-1.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral31
Sample
vulkan-1.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20231215-en
windows7-x64
General
-
Target
Feather Launcher.exe
-
Size
145.0MB
-
MD5
2e2bd5dfcdd123064c48a7920c62560d
-
SHA1
86e043e69cc6fa9930dcca5f00e1ae5e66735fe5
-
SHA256
cddcf8a2008fdf3c7bfe8337da7e2345ec72104e60fcc0ce392752cd35839430
-
SHA512
3336da9b2ac8893abf1a02e27ab8e63718c123db8078f9fcad507030dc85807d07941004045cdfb473830efaf3c94acb9b6be075d8932be7220b65dcfe506a58
-
SSDEEP
3145728:qFJz+MnHejtWPrMYQWXPQdP57obOO4X7v+N303rVl+:qFF+MnHejtWPrMYQWXPQdP57obOO4C6u
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation Feather Launcher.exe Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation Feather Launcher.exe -
Loads dropped DLL 1 IoCs
pid Process 2816 Feather Launcher.exe -
Modifies registry class 7 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\feathermc\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Feather Launcher.exe\" \"%1\"" Feather Launcher.exe Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\feathermc Feather Launcher.exe Set value (str) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\feathermc\URL Protocol Feather Launcher.exe Set value (str) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\feathermc\ = "URL:feathermc" Feather Launcher.exe Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\feathermc\shell\open\command Feather Launcher.exe Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\feathermc\shell Feather Launcher.exe Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\feathermc\shell\open Feather Launcher.exe -
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 Feather Launcher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 Feather Launcher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 Feather Launcher.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4012 Feather Launcher.exe 4012 Feather Launcher.exe 3812 Feather Launcher.exe 3812 Feather Launcher.exe 3000 Feather Launcher.exe 3000 Feather Launcher.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe Token: SeShutdownPrivilege 1108 Feather Launcher.exe Token: SeCreatePagefilePrivilege 1108 Feather Launcher.exe -
Suspicious use of WriteProcessMemory 48 IoCs
description pid Process procid_target PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 2404 1108 Feather Launcher.exe 85 PID 1108 wrote to memory of 3040 1108 Feather Launcher.exe 87 PID 1108 wrote to memory of 3040 1108 Feather Launcher.exe 87 PID 1108 wrote to memory of 2816 1108 Feather Launcher.exe 86 PID 1108 wrote to memory of 2816 1108 Feather Launcher.exe 86 PID 2816 wrote to memory of 4012 2816 Feather Launcher.exe 89 PID 2816 wrote to memory of 4012 2816 Feather Launcher.exe 89 PID 2816 wrote to memory of 3812 2816 Feather Launcher.exe 90 PID 2816 wrote to memory of 3812 2816 Feather Launcher.exe 90 PID 1108 wrote to memory of 3000 1108 Feather Launcher.exe 94 PID 1108 wrote to memory of 3000 1108 Feather Launcher.exe 94
Processes
-
C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe"C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe"1⤵
- Checks computer location settings
- Modifies registry class
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1108 -
C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe"C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1704,i,12395519366800356350,10435275366938585,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵PID:2404
-
-
C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe"C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --disable-blink-features=GetDisplayMedia --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2360 --field-trial-handle=1704,i,12395519366800356350,10435275366938585,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2816 -
C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe"C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe" C:\Users\Admin\AppData\Local\Temp\resources\app.asar\preload\preload-mod-watcher-fork.js3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4012
-
-
C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe"C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe" C:\Users\Admin\AppData\Local\Temp\resources\app.asar\preload\preload-skin-watcher-fork.js3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3812
-
-
-
C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe"C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --mojo-platform-channel-handle=1916 --field-trial-handle=1704,i,12395519366800356350,10435275366938585,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:82⤵PID:3040
-
-
C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe"C:\Users\Admin\AppData\Local\Temp\Feather Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1704,i,12395519366800356350,10435275366938585,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3000
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.0MB
MD53e022fe9cb40a17338105d8cb8ce99cd
SHA125bd2a494ecb5eb9091e49ea71f52dcb68b3de5c
SHA256c24aa8126220a2363bf10d16a7b19e203146537aed1a0c08414f964268b4d030
SHA512b11755e8ccabeb2d3ddd6b7d680b427b8e57203db5eaa510e645979ab96b887320ad78039da536b1d182f922afda428fcaf27ae459f9f84816a8bc67bd4955c4
-
Filesize
86B
MD5d11dedf80b85d8d9be3fec6bb292f64b
SHA1aab8783454819cd66ddf7871e887abdba138aef3
SHA2568029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA5126b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0
-
Filesize
625B
MD5d2efb695cd4811c5aa72c631e2df85d2
SHA1a970689805c4ac0e5c902c297e5362b57bd11ef0
SHA2561b98209d5d725dbf58a7d650a81fedaf69de0feba7c5b8ece56e4b16b73bf9a6
SHA5123e20ba10c6daa76519eda53cb8e50710c133f29115be43a8a339078192e6d3df2ace7ac2dd151ea44ecea6105a8203e686810c089b1e9f8af304bfbb24aa0f1b
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
370B
MD581a404a7d35b5a520a14d03c55db25f8
SHA1df9f07e56e871cc91a1784c33d0491c2474b2f02
SHA256dcdb21600fc8aaec023fe19d327e7b0440b0696b220f8c638c59b483afe4c13d
SHA51275986e8fd71a137c502696e4f8e68ea9e5b1bd64e929b2f846f9303f9bbd0ec61a055c6331cb035206953dd55d1ba67eb5f63f204b996d410dae9535a8d152a6
-
Filesize
370B
MD57137c04030d993099f14207e7b641827
SHA1ef468b6c08b946c91e9673664c6b33f55ab0bb73
SHA25646c6b91f05eb8735659e9091213873d274fa37923c2f0c4a691deda31de66390
SHA512ca3d449c49eb76183927153c7c9f4c07f2a50bceabf2f65bb03b0aba322181f59c80a22e430d30e5c138f3cf922a72245b22f9fb054e2773ef480980ce8fe210
-
Filesize
370B
MD52c0e585e502696acc22dc798b9e0a2ef
SHA1370819366e8d5803b6027ac5a71d0a3e32270c1a
SHA25641a93cee6a000fa2055a7444786df6596b7ad35d142d7e61c7c7f6240a59f965
SHA5125ec0dbc944744063f82829aa12dd60de806876869863ec6d70b5c943874e9a1149cd43ad35e32980810c4dc8499ecf6557782a751380170952ad914962489611
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84