Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

TLauncher-2.68.jar

windows10-1703-x64

4

Resubmissions

23/12/2022, 02:22

221223-cty4vsag8y 4

23/12/2022, 02:19

221223-csa1msag8v 4

23/12/2022, 02:17

221223-cqzk8aff65 4

Analysis

  • max time kernel
    130s
  • max time network
    78s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23/12/2022, 02:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.68.jar

  • Size

    4.6MB

  • MD5

    f6358b8ffcd0b6486ba9e34f7c60f1a8

  • SHA1

    abf3bd71f365852f040b2807f94fc7c41c56d44a

  • SHA256

    091174c660b9d8d753b3edaa72369e26663637bf09a9b81d53c530638b46cfb5

  • SHA512

    400b14b842cf0e9e0c84e74a1950dc1c4de8f40a87037e0e55dde4cd39196ec5f6168ec8604718d59c884b6733e7010d81fb5178ef4ceceb9b193a68f5cc455e

  • SSDEEP

    98304:myDlDwyJhnZoqh7W168gofU/kdQhd9vPl:mqJvnBlMKkdQhXF

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 24 IoCs
  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 38 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\TLauncher-2.68.jar
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    PID:2124
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3588
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.68.jar"
      1⤵
      • Drops file in Program Files directory
      PID:4968
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4604

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
      Filesize

      50B

      MD5

      e73268db2da492a133661e2c09f69a5c

      SHA1

      3f4a48d018802006399d0612da750c03ffe0a519

      SHA256

      3b67f99de003667e487899a530037031d59a35fad8a49ec3e0eaed9f7e68c7c8

      SHA512

      24bb941ce68aea1d73fea905c0abc0f15db563f0280810713f5a2042bbe4f7062a4acc0f7975d4735e765f12f973e83cc61b8228895ab33d810c6e0ff9fe5b2a

      Download Submit

    • C:\Users\Admin\AppData\Roaming\.tlauncher\tlauncher-2.0.properties
      Filesize

      51B

      MD5

      b9e8d7939a8f6334344ba90fac5029da

      SHA1

      c2a650e149076b39f6cbd35706b60eee54bf82a7

      SHA256

      5966e2b601cc0da5215861bff9fd329f4ee55bfa46ea465d0ec6927736bb4b58

      SHA512

      00728712e93a19df382047e9466e6cdae886c164da70bb841b65d8eadeeba14066357b0ee73ffa43042737fc6790657a5f0dbdace12580b3a12f90756388b296

      Download Submit

    • memory/2124-124-0x00000000027F0000-0x00000000037F0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2124-135-0x00000000027F0000-0x00000000037F0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2124-140-0x00000000027F0000-0x00000000037F0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2124-143-0x00000000027F0000-0x00000000037F0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2124-145-0x00000000027F0000-0x00000000037F0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2124-146-0x00000000027F0000-0x00000000037F0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2124-148-0x00000000027F0000-0x00000000037F0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2124-149-0x00000000027F0000-0x00000000037F0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4968-160-0x0000000002AD0000-0x0000000003AD0000-memory.dmp

      Filesize

      16.0MB

      Download