Overview

overview

8

Static

static

ProstoLauncher.exe

windows7_x64

8

ProstoLauncher.exe

windows10_x64

8

Analysis

  • max time kernel
    150s
  • max time network
    191s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    20-06-2021 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ProstoLauncher.exe

  • Size

    157KB

  • MD5

    7410df6db7dd9dfc0c4103efa8d13fc9

  • SHA1

    ea2f19e981509d96ec2c775af8a1d158e79bfca4

  • SHA256

    e1cdac7f4cf342ffde7d1f1fd9ea4788166bc4f9bfe3706ba5ab71af38682f33

  • SHA512

    841809c71e617f90538893652174960efa67662b5d72d6d33bf131804140a2c57b51be2b25f865d33410cc419715a7d6a597ad1e16b05c85a44a447d9642191a

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan

Processes

  • C:\Users\Admin\AppData\Local\Temp\ProstoLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\ProstoLauncher.exe"
    1⤵
    • Modifies system certificate store
    PID:360

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/360-60-0x00000000005C0000-0x00000000005C2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/360-59-0x000007FEF28A0000-0x000007FEF3936000-memory.dmp
    Filesize

    16.6MB

    Download
  • memory/360-61-0x00000000005C6000-0x00000000005E5000-memory.dmp
    Filesize

    124KB

    Download