cbfbec1a1000c8f26e8571ee40149181769b7b3e726a106ca0873395ff60b0f7

Resubmissions

28/03/2025, 20:09

28/03/2025, 19:54

max time kernel
445s
max time network
446s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 19:54

Target

MfW10_Fix_Repair_UWP_V2_Generic/Launcher.exe
Size

347KB
MD5

0d99a45748e44931d02fb41e9109e75f
SHA1

bd0663ac151d9ae98775f09cfd8474ba6eaf0c4c
SHA256

af297a03aa02c3f3f77ab8c61d9e89f952c7ee41e646d6a93a0e2f050eb7c81f
SHA512

94b26a2347dce07002cb7a984c46005b7e5094f822f919c9045404181479a736bb86d9a04ac3277c4c98fe08e6466e412bd3232d4273f5371bc5e3456860eb1d
SSDEEP

6144:XUMx/y5qZuafofZMfwZj7CKIbohmTvI8+Z8xgBSl:EK8VfwwZjYboJ7Zno

Score

1^/10

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3108	Launcher.exe
3108	Launcher.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
776	OpenWith.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 4072	3108	Launcher.exe	82
PID 3108 wrote to memory of 4072	3108	Launcher.exe	82
PID 3108 wrote to memory of 2156	3108	Launcher.exe	84
PID 3108 wrote to memory of 2156	3108	Launcher.exe	84

C:\Users\Admin\AppData\Local\Temp\MfW10_Fix_Repair_UWP_V2_Generic\Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\MfW10_Fix_Repair_UWP_V2_Generic\Launcher.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start minecraft:
  2⤵
  - Modifies registry class
  PID:4072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:2156

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:776