58f51218b570f87624498682fb8e256dd9a118fcf30b78e5c71fa38064011d98 | Triage

Analysis

max time kernel
266s
max time network
288s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:22

Sharing

Report Analysis Logs

General

Target

CLaunch.exe
Size

996KB
MD5

980d8caace0df1867c6f29ee80b78d86
SHA1

9d9997126be1d061647439fd32e47daf1405ffa7
SHA256

58f51218b570f87624498682fb8e256dd9a118fcf30b78e5c71fa38064011d98
SHA512

574a0d2694658b8853485f644e20a16503d2412c1a1a94c3344177859f57d197354323875a0b0caa7721c05157b4692580b53f5dffdcc7bb4c5f114f01cc79f1
SSDEEP

24576:/NH/zqaN/R6HQifKM3tk762afDjcYeJNx8eTlaY5:/h/zNpdMjoNx8eTM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

CLaunch.exe

pid process

3756 CLaunch.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

CLaunch.exe

pid process

3756 CLaunch.exe

C:\Users\Admin\AppData\Local\Temp\CLaunch.exe
"C:\Users\Admin\AppData\Local\Temp\CLaunch.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3756

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads