Overview

overview

7

Static

static

1

TLauncher-....6.exe

windows7-x64

7

TLauncher-....6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    68s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    06/02/2023, 22:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.871-Installer-1.0.6.exe

  • Size

    23.7MB

  • MD5

    49fb0f13cdb8d7cad1487889b6becced

  • SHA1

    b71d98ec45e6f7314f0e33106485beef99b2ee7c

  • SHA256

    7e49e00be1992fbc4ac14f2e5e3c05dccadf8fba3c3936357d8df7f146f5f0a3

  • SHA512

    639fa23294556bf77080d420e7e1b5b7c07a8b1e93897c36a4f8e398c1c58de9b91636420102e68f6957c768793797728664e32dc38aa68315746882b4ebe1d9

  • SSDEEP

    393216:XX921sp/n85Pfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyV5:XN8s18hHExiTI3qqHp6zvKcfyV5

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe" "__IRCT:3" "__IRTSS:24870711" "__IRSID:S-1-5-21-1214520366-621468234-4062160515-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2020

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    1.3MB

    MD5

    ec4efe0ebb80b619737bd26180cc76cc

    SHA1

    7fd72c0eb6bee289e4b2714cf1fb8c197754811b

    SHA256

    b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

    SHA512

    384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    1.3MB

    MD5

    ec4efe0ebb80b619737bd26180cc76cc

    SHA1

    7fd72c0eb6bee289e4b2714cf1fb8c197754811b

    SHA256

    b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

    SHA512

    384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
    Filesize

    326KB

    MD5

    80d93d38badecdd2b134fe4699721223

    SHA1

    e829e58091bae93bc64e0c6f9f0bac999cfda23d

    SHA256

    c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

    SHA512

    9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
    Filesize

    1.7MB

    MD5

    1bbf5dd0b6ca80e4c7c77495c3f33083

    SHA1

    e0520037e60eb641ec04d1e814394c9da0a6a862

    SHA256

    bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

    SHA512

    97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
    Filesize

    97KB

    MD5

    da1d0cd400e0b6ad6415fd4d90f69666

    SHA1

    de9083d2902906cacf57259cf581b1466400b799

    SHA256

    7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

    SHA512

    f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    1.3MB

    MD5

    ec4efe0ebb80b619737bd26180cc76cc

    SHA1

    7fd72c0eb6bee289e4b2714cf1fb8c197754811b

    SHA256

    b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

    SHA512

    384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    1.3MB

    MD5

    ec4efe0ebb80b619737bd26180cc76cc

    SHA1

    7fd72c0eb6bee289e4b2714cf1fb8c197754811b

    SHA256

    b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

    SHA512

    384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    1.3MB

    MD5

    ec4efe0ebb80b619737bd26180cc76cc

    SHA1

    7fd72c0eb6bee289e4b2714cf1fb8c197754811b

    SHA256

    b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

    SHA512

    384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    1.3MB

    MD5

    ec4efe0ebb80b619737bd26180cc76cc

    SHA1

    7fd72c0eb6bee289e4b2714cf1fb8c197754811b

    SHA256

    b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

    SHA512

    384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
    Filesize

    326KB

    MD5

    80d93d38badecdd2b134fe4699721223

    SHA1

    e829e58091bae93bc64e0c6f9f0bac999cfda23d

    SHA256

    c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

    SHA512

    9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

    Download Submit

  • memory/2020-68-0x0000000000CB0000-0x0000000001098000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2020-71-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

    Download

  • memory/2020-72-0x0000000000B50000-0x0000000000B53000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2020-73-0x0000000000CB0000-0x0000000001098000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2024-64-0x0000000002A70000-0x0000000002E58000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2024-66-0x0000000002A70000-0x0000000002E58000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2024-67-0x0000000002A70000-0x0000000002E58000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2024-54-0x0000000076391000-0x0000000076393000-memory.dmp

    Filesize

    8KB

    Download