Overview

overview

7

Static

static

1

ATLauncher....0.exe

windows7-x64

7

ATLauncher....0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-02-2023 19:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ATLauncher-setup-1.1.0.0.exe

  • Size

    2.6MB

  • MD5

    2f9d674c4b426de69d4229c7778d88c4

  • SHA1

    9d75fdd18d4c32bc93c6c828ac3b4019db1f0931

  • SHA256

    28272caadd4df846e1f19ca4c5932fa3ec0348f0e36a8e1395a30b2a005c7656

  • SHA512

    fc9a5a6cb89cc61666055248391c54a2f5c0845dda72bbdbf469d3679c26b3546b7ab048c68ceeaa9f507e10ac4f83402a5303b58a465f1010608a02ec6c728f

  • SSDEEP

    24576:k7FUDowAyrTVE3U5F349LBNaSG0b79VFVoCxQQMkcxVyMhqrHzEhbjRN8lTRa7I3:kBuZrEU89tRGu79DOHfkMhqgJjvWasrj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ATLauncher-setup-1.1.0.0.exe
    "C:\Users\Admin\AppData\Local\Temp\ATLauncher-setup-1.1.0.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5020
    • C:\Users\Admin\AppData\Local\Temp\is-RQ5I2.tmp\ATLauncher-setup-1.1.0.0.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-RQ5I2.tmp\ATLauncher-setup-1.1.0.0.tmp" /SL5="$90042,1526449,1202176,C:\Users\Admin\AppData\Local\Temp\ATLauncher-setup-1.1.0.0.exe"
      2⤵
      • Executes dropped EXE
      PID:5056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-RQ5I2.tmp\ATLauncher-setup-1.1.0.0.tmp
    Filesize

    3.4MB

    MD5

    1be2486aed74952c47fe38df49f206bd

    SHA1

    1bde8ae3ccf48870afdb880bbdc821c2cd72ed09

    SHA256

    c2b4f7cf25d80593f1db7465a8f66d346f58271d3a1ab1ab505885f063cf1a65

    SHA512

    f3549a9f594d749ea40d45b602d14843f025f4b671c9d3762c5910a90804ba77e4bb5dd3dcf55d3a02a50dba83c74cb34260b8f1e566885a989bf1af753b4b4b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-RQ5I2.tmp\ATLauncher-setup-1.1.0.0.tmp
    Filesize

    3.4MB

    MD5

    1be2486aed74952c47fe38df49f206bd

    SHA1

    1bde8ae3ccf48870afdb880bbdc821c2cd72ed09

    SHA256

    c2b4f7cf25d80593f1db7465a8f66d346f58271d3a1ab1ab505885f063cf1a65

    SHA512

    f3549a9f594d749ea40d45b602d14843f025f4b671c9d3762c5910a90804ba77e4bb5dd3dcf55d3a02a50dba83c74cb34260b8f1e566885a989bf1af753b4b4b

    Download Submit

  • memory/5020-132-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/5020-137-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/5056-134-0x0000000000000000-mapping.dmp

    Download