Analysis
max time kernel: 100s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/02/2023, 18:50
Static task: static1
Behavioral task: behavioral1
  Sample: tlauncher-2_67.exe
  Resource: win7-20221111-en
  21 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: tlauncher-2_67.exe
  Resource: win10v2004-20220812-en
  3 signatures
  150 seconds
General
Target: tlauncher-2_67.exe
Size: 2.7MB
MD5: 148dad5c69d17832a8b611f3bf0570f2
SHA1: fbc42d255c66287e2a942c6175bf66c568757766
SHA256: b8b83c0bab9ea98c5c79a2d5a20fa7253f868fd7008d1c8e92ece5e58d19c569
SHA512: cd33439f31f93abbf3a4b041a0c2ed7073281cb90583c56719b5f526686cda8fa1acf5dcc866b89afcc7493257dc43f991e062485a1dd4cb7a7d2221f2cc4dda
SSDEEP: 49152:i3ulB7oLOUQgIwZ6EMaE1WecsHLYelgRV8PmM7NAZod4Z1uSM:8ulBAOUDIwZ6EMayAsrpUPxY
Score: 4/10
Malware Config
Signatures
Drops file in Program Files directory (12 IoCs)
description | ioc | Process
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb | javaw.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb | javaw.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb | javaw.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb | javaw.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb | javaw.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb | javaw.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb | javaw.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb | javaw.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb | javaw.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb | javaw.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb | javaw.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb | javaw.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
4028 | javaw.exe
4028 | javaw.exe

Suspicious use of WriteProcessMemory (2 IoCs)
description | pid | Process | procid_target
PID 4020 wrote to memory of 4028 | 4020 | tlauncher-2_67.exe | 80
PID 4020 wrote to memory of 4028 | 4020 | tlauncher-2_67.exe | 80
Processes
C:\Users\Admin\AppData\Local\Temp\tlauncher-2_67.exe (PID: 4020)
  Command line: "C:\Users\Admin\AppData\Local\Temp\tlauncher-2_67.exe"
  - Suspicious use of WriteProcessMemory
  Child process: C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe (PID: 4028)
    Command line: "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\tlauncher-2_67.exe"
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx