Overview

overview

7

Static

static

1

TL_Install...cy.exe

windows7-x64

7

TL_Install...cy.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1652s
  • max time network
    1837s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    10/02/2023, 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TL_Installer_legacy.exe

  • Size

    115.1MB

  • MD5

    b8c78abd54561235d4180d82087b7902

  • SHA1

    8a53d5c6409490d6c679e9ea6ae87a846a9bdb3b

  • SHA256

    5ed560a642d19192beb2906c38947b076a46719e2b52cf655f3aac83106db226

  • SHA512

    ca524531c03e2dcf855177bc2242ae0380ec52c1f41991772537fde54ec236e7d3c96891a7128bdeaa34a443457cd46ddd8bcddf01edeb9a362fb2fb34be829f

  • SSDEEP

    3145728:bu0d/f07Lhq7sggz2l40chBXBRmu2QZ0h:b9Bs5xg02l40aRmu2Q8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TL_Installer_legacy.exe
    "C:\Users\Admin\AppData\Local\Temp\TL_Installer_legacy.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Users\Admin\AppData\Local\Temp\is-1ONGO.tmp\TL_Installer_legacy.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1ONGO.tmp\TL_Installer_legacy.tmp" /SL5="$1015E,118826823,1202176,C:\Users\Admin\AppData\Local\Temp\TL_Installer_legacy.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-1ONGO.tmp\TL_Installer_legacy.tmp
    Filesize

    3.4MB

    MD5

    427cf7a7886e875bbd1e20f38c5dcae4

    SHA1

    d9268b95627c9fa3a32905010aee981ba3d43d76

    SHA256

    bf8baa082ef95bf9aa5337ce25207614c77265a521734642ec8491026b780ef6

    SHA512

    b20602fb81afcae942bfdd61dbada78fcea435d1d995309ed317ba5873fe993b346cc02c44c6a8fa9dd93c825a85154ce73b3f49a71f164734b5a6fe5b1ec1b6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-1ONGO.tmp\TL_Installer_legacy.tmp
    Filesize

    3.4MB

    MD5

    427cf7a7886e875bbd1e20f38c5dcae4

    SHA1

    d9268b95627c9fa3a32905010aee981ba3d43d76

    SHA256

    bf8baa082ef95bf9aa5337ce25207614c77265a521734642ec8491026b780ef6

    SHA512

    b20602fb81afcae942bfdd61dbada78fcea435d1d995309ed317ba5873fe993b346cc02c44c6a8fa9dd93c825a85154ce73b3f49a71f164734b5a6fe5b1ec1b6

    Download Submit

  • memory/1052-54-0x0000000074FA1000-0x0000000074FA3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1052-55-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1052-61-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download