Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

FantasyLauncher.rar

windows10-1703-x64

3

FantasyLauncher.exe

windows10-1703-x64

9

$PLUGINSDI...er.dll

windows10-1703-x64

3

$PLUGINSDI...ls.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDI...ll.dll

windows10-1703-x64

3

$PLUGINSDIR/app-64.7z

windows10-1703-x64

3

LICENSE.electron.txt

windows10-1703-x64

1

LICENSES.c...m.html

windows10-1703-x64

4

MysticLauncher.exe

windows10-1703-x64

9

chrome_100...nt.pak

windows10-1703-x64

3

chrome_200...nt.pak

windows10-1703-x64

3

d3dcompiler_47.dll

windows10-1703-x64

1

ffmpeg.dll

windows10-1703-x64

1

icudtl.dat

windows10-1703-x64

3

libEGL.dll

windows10-1703-x64

1

libGLESv2.dll

windows10-1703-x64

1

resources/elevate.exe

windows10-1703-x64

3

v8_context...ot.bin

windows10-1703-x64

3

vk_swiftshader.dll

windows10-1703-x64

1

vk_swiftsh...d.json

windows10-1703-x64

3

vulkan-1.dll

windows10-1703-x64

1

$PLUGINSDI...ec.dll

windows10-1703-x64

3

$PLUGINSDI...7z.dll

windows10-1703-x64

3

$R0/Uninst...er.exe

windows10-1703-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    10/08/2024, 15:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FantasyLauncher.rar

  • Size

    90.9MB

  • MD5

    90ba79188cb3fe7b4f4338ccf6596c0e

  • SHA1

    1cd51e8bfc704829f2b449e4d554ff643d8da0fe

  • SHA256

    5f4b9ae4506d950030be7c04bbc0cc038b63b862401c34d5130ddaddd66976bf

  • SHA512

    9751ac5f66e2e97ad54d836a9d3059b368cb21afcb311747bdecf29a0f2ece3122e0145d92959d751281c143f6e14ed1345a16715e619bc62d87a4568679f2b4

  • SSDEEP

    1572864:iqjBlGEbZRn1qOwNtTp+FsFcaLHY4CnT5ba/I0/Pvvauq292xwDO5zyUjij:iKOEDn0Tp+FO8k/I0XvvauqE2xLyUjs

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 19 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\FantasyLauncher.rar
    1⤵
    • Modifies registry class
    PID:5084
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:700
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1324
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2436
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1916
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.0.1638710019\795858977" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e303ea1e-3d5e-4407-a407-60fbd6f73185} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 1764 1ede1bd8858 gpu
          3⤵
            PID:5076
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.1.781296870\671918940" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9aad77d7-3f97-404d-bd93-03966a0fc9a0} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 2120 1edcf772858 socket
            3⤵
              PID:4408
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.2.635924279\1238292370" -childID 1 -isForBrowser -prefsHandle 2716 -prefMapHandle 2756 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74a0a3e4-9902-4e5f-bda5-d1298e4b667c} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 2532 1ede5d9c658 tab
              3⤵
                PID:3356
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.3.1337727859\974799301" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3480 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a8e03aa-8d6e-4a67-92a4-306b755150a5} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 3496 1edcf762858 tab
                3⤵
                  PID:2772
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.4.1567080095\1867618783" -childID 3 -isForBrowser -prefsHandle 4128 -prefMapHandle 4124 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d90140a5-8160-4c3a-b431-98df1d8e9b78} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 4140 1ede788aa58 tab
                  3⤵
                    PID:4528
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.5.417636234\823441417" -childID 4 -isForBrowser -prefsHandle 2608 -prefMapHandle 4976 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {044da761-e7be-4711-a69a-08bac5c490fd} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 3628 1ede4c2db58 tab
                    3⤵
                      PID:2128
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.6.652684880\369581090" -childID 5 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5a5d110-5605-4d23-b385-df5a0b58d7aa} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 4920 1ede81c7e58 tab
                      3⤵
                        PID:916
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.7.553212791\85299816" -childID 6 -isForBrowser -prefsHandle 5268 -prefMapHandle 5272 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff4faecb-703f-454a-8365-7fc7b12c0082} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 5260 1ede8669258 tab
                        3⤵
                          PID:2440
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.8.2119761985\575311924" -childID 7 -isForBrowser -prefsHandle 6656 -prefMapHandle 6600 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {203687da-4eea-4fe4-b1fb-b57d017315a9} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 6268 1ede7c1ff58 tab
                          3⤵
                            PID:1224
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.9.537967496\1771446068" -parentBuildID 20221007134813 -prefsHandle 6428 -prefMapHandle 6964 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82a3ee83-78de-44a3-8543-727578df4448} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 6972 1ede7c20558 rdd
                            3⤵
                              PID:2236
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.10.112618358\299756524" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6196 -prefMapHandle 7000 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b631fb76-3793-4af1-9b4c-fd99aa2c24fe} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 7040 1ede8812558 utility
                              3⤵
                                PID:5088
                          • C:\Windows\system32\AUDIODG.EXE
                            C:\Windows\system32\AUDIODG.EXE 0x200
                            1⤵
                            • Suspicious use of AdjustPrivilegeToken
                            PID:5172

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
                            Filesize

                            2KB

                            MD5

                            33e751e132f0a1643365891f0fb6f688

                            SHA1

                            8f74008834c24f8901793a14b1ec83d2eedaa0f8

                            SHA256

                            925d79e3d6d7bdf2fc209855767bb5001f4b7305e8f9f9f57a617b18c6919940

                            SHA512

                            0f378dfaf2b19d089056ecaeaeffb5492587d193919bf5a2edf7198c852a27fdf21d8b1e8746bc20946f72bd973d8317173287617b22e2a6f4145b23dc75f206

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\37a4c0b4-e10b-4ac1-bd76-22f78740a395
                            Filesize

                            10KB

                            MD5

                            ffd982353ebb62fd057e727c603c7871

                            SHA1

                            e7af60546e0c1b4ffdaa2c590f95998b934d00b0

                            SHA256

                            2cc792cf16e66cd6e318ecbed3d0b3afbeac4be375c8e8f43c5b6300bf1093c5

                            SHA512

                            0496c9a3c0e9877b35b72c37fe3a93f461a8af3510027a5587f9a6b74806feda4d05d818003f49b42a829538c0a3fc1513aae3da39a2b3ed0057a483d14117ee

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\72b12af7-bb16-4992-a240-3ffdda675012
                            Filesize

                            746B

                            MD5

                            e3f630985f65fbf721c86d32c6e2feb4

                            SHA1

                            effc49b9e005ec737a14dde3185f5a6a6d9e0d06

                            SHA256

                            65051e3ababc003d225046d0328712eaa917b092abbcce83aaabb4f18320ba13

                            SHA512

                            1e01225805ad79609e25b7e743be93dd2bf35a8a532582d4d9d1d393216b4e670a50c8b9e65d34b1d8b2d8192123b92afa08abee40c1549fde1ca44c380d9a34

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                            Filesize

                            6KB

                            MD5

                            7bde7f68a47d8f1b71b18e9558606be5

                            SHA1

                            6d49437c7ba1939264f33fe11bf880b204b817d0

                            SHA256

                            6a70ec0b02683fb5595029ececf9539b34788be3d879b1bea8d62f4590f90abc

                            SHA512

                            b897ea0551b55ad7a34f5be060db8a1148313820bbb8ca902c55ed80b66945505957d5e1fb81ce9069f695b4eeb6aca162589d74f15837ac761cf150a3c32c21

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
                            Filesize

                            6KB

                            MD5

                            88085cab30527f66309293166fbd150a

                            SHA1

                            838dd0b6d20c8af227c36192b2208329782aaf97

                            SHA256

                            718728be8fafa2732384e516fcce4d940d3f465bafdd22584b6b5746c006f1d4

                            SHA512

                            e7ef556988feb2f3cdc12af8a7498e061deaf3e9ea6bcc7d3f9062cb140cb00286d6149ce379af5eed69a5b2968eea6f1b821094d679e21aa000dc7a4f8fb82c

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
                            Filesize

                            6KB

                            MD5

                            1a3f6ee852957751a23cd781e9af74bb

                            SHA1

                            092abc24af1a2dccb32970a3548ffee92608e40a

                            SHA256

                            729e569d6f97b00e3f4387350990b081fc46b2b430970a6aae69d2ee40c5cb3e

                            SHA512

                            6dbbc4a6ba60124fd1581378bcef9c8b7b6b12643735f860765e41d22f85c038fea7027e7cc1d278489ac1730dbbb74a2d16405aa1545dac3581dbb74bad9c89

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            14KB

                            MD5

                            de917ab8d0730d5e91448b4ab41f81d8

                            SHA1

                            fc1ea4ef391f4c8e9320e8d65189539a02ddf43d

                            SHA256

                            bd0cc5502ed764bec07ca4ad3223eb48841dd866969bbd62ab168d84903e95ee

                            SHA512

                            39215cd55d64d036cbf9e0da5fc58e700c6419f1c7716cfea59b61865b25e1a5a0a8096fc739a04e2a4a816391335b2d34788f5a894bb7d1aac6ce25ff6e2c07

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            1KB

                            MD5

                            e806a0059ae34262f9c1a2a8a13d564e

                            SHA1

                            05104e54363b21a4300328b9f636292dcf00feee

                            SHA256

                            00204cb57febc32a2955a0465ab366930c401b47573dcc72e3b6acbf1c1efcb6

                            SHA512

                            d856afb72b2faf807a0ef6757bd98e8cdfb4cf9f6c61f8b9f1dc717076ca17402cf1492d3c04bcf29a4ff3171d6f8aaa74dbb363fea5a3819db3987fb7c2e547

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            15KB

                            MD5

                            ac199105e3e37a16438e7dc14f8f5a31

                            SHA1

                            d114ba08d6f02d787320e59ae0a980fda8f276bf

                            SHA256

                            d2c546f0620dcd0cdab21051895857a533222c81c41af9e98db4e61271eaa214

                            SHA512

                            5f133412f3caeeb977688e677946fbdbf4d642819d7fcb96b9a1db4a59a68e0e086e8ee638868d032e07ac290db61359be009886dfee3eef816bae32d1eb50f5

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            15KB

                            MD5

                            53d3c1d0f69d06fabde1cf123042f19d

                            SHA1

                            d4ce1f48603dec37315f43de8ee14bb65ef19bd1

                            SHA256

                            c725b2cda6e32958db62c846d457cff8bbd556f392a2bc9876bb81dff18158cb

                            SHA512

                            e927f3d81bb8b80f8bfd880d574ac33312405755133af09ad8204b31a91f91eb9b744c9d543c1b2399bc4a5ba72524777ab4230c41cadebc70dc4ca31df7b5f2

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                            Filesize

                            184KB

                            MD5

                            7f868e557b098795d645df9ea302427f

                            SHA1

                            001f3306144559b4049a8ab139b4139f51e59c0e

                            SHA256

                            b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5

                            SHA512

                            56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a

                            Download Submit