Overview

overview

7

Static

static

1

TL_Installer_mcl.exe

windows7-x64

7

TL_Installer_mcl.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2023, 18:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TL_Installer_mcl.exe

  • Size

    115.1MB

  • MD5

    aef64b85dc923b7adbb7b0be2a013f94

  • SHA1

    172339b55345335399d29d00e5a80cd2dd6437e0

  • SHA256

    b0c73bdb6bfc363a79def270c6b8a8f13ee8ac99d1a4cb3329b2fd1944d9ab83

  • SHA512

    86b9c13b2b955fc9cd2350724c6d58372107df730695ba672bc312b6eb9cacbdef16af3ddc86e90e3295fedcb27706d223c0ee7badc3713d57eac04e3c9c5832

  • SSDEEP

    1572864:qHtBGkaPGT5lXmOo/8Q4JmWLvMC2gOTV7klGVxKowOHy1tvdmOjK5+/c1AXjNszY:s0GTXmyQecC2dOKUOS1T+5+U1Ues6y

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TL_Installer_mcl.exe
    "C:\Users\Admin\AppData\Local\Temp\TL_Installer_mcl.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\Users\Admin\AppData\Local\Temp\is-E6ME3.tmp\TL_Installer_mcl.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-E6ME3.tmp\TL_Installer_mcl.tmp" /SL5="$7003A,118822770,1202176,C:\Users\Admin\AppData\Local\Temp\TL_Installer_mcl.exe"
      2⤵
      • Executes dropped EXE
      PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-E6ME3.tmp\TL_Installer_mcl.tmp
    Filesize

    3.4MB

    MD5

    c4bdcc28b2488943645b730afe1ebfdc

    SHA1

    2d74c765386522c71de4c6d41693b239f8d3e6e5

    SHA256

    a779655c9331698be7432c5e5b4a85a71406e1a7458549a01e885d6b0d1b6b4a

    SHA512

    e68f8d3c3aaa32f4e1c4b00dc9557488f16060ba43bfa3218e48d54609031870e7cb9408796a1e8b341b64eba2e2da902e7f2abedb8323d7052350ff5df04bfa

    Download Submit

  • memory/1532-133-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1532-140-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2732-138-0x0000000000A80000-0x0000000000A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2732-141-0x0000000000400000-0x0000000000775000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2732-142-0x0000000000A80000-0x0000000000A81000-memory.dmp

    Filesize

    4KB

    Download