Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

LauncherFe...v7.exe

windows7-x64

1

LauncherFe...v7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 22:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LauncherFenix-Minecraft-v7.exe

  • Size

    397KB

  • MD5

    d99bb55b57712065bc88be297c1da38c

  • SHA1

    fb6662dd31e8e5be380fbd7a33a50a45953fe1e7

  • SHA256

    122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

  • SHA512

    3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17

  • SSDEEP

    3072:puzvch1rugYc4wqYSRR756K7ItBjgXHUYCnlK:Wch1aIqYSRVM+unlK

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Drops file in Program Files directory 12 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
    "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
      2⤵
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3360
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:3256
  • C:\Windows\System32\GameBarPresenceWriter.exe
    "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
    1⤵
      PID:2076
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4316
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
      1⤵
      • Checks processor information in registry
      • Modifies registry class
      PID:3052

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
      Filesize

      46B

      MD5

      6531b8c1a296c0fd80dedea0f62bdf5e

      SHA1

      d30a752c6201ab708a9b5ee3ad13e725f068a799

      SHA256

      930c3fb931f3aeb163c06b8713c61a40fc9a87ee70d2bb22025ff880a815bd7a

      SHA512

      fafc323adc85b6e6712195db23dd2cf998d723cfd3a827edf10cf96d216a234f0abf250f0f419403227f47a9ce15c703ae8ecac58d80213761098452a0c7e766

      Download Submit

    • memory/3360-47-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-65-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-75-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-21-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-27-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-37-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-44-0x0000017556E70000-0x0000017556E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3360-4-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-16-0x0000017556E70000-0x0000017556E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3360-50-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-64-0x0000017556E70000-0x0000017556E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3360-66-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-67-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-68-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-71-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-73-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3360-74-0x0000017556E90000-0x0000017557E90000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4756-17-0x0000000000400000-0x0000000000462000-memory.dmp

      Filesize

      392KB

      Download