Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/04/2023, 23:59 UTC

General

  • Target
    TLauncher.exe
  • Size
    6.3MB
  • MD5
    545c62b3d98ee4cc02af837a72dd09c4
  • SHA1
    54446a007fd9b7363d9415673b0ac0232d5d70d5
  • SHA256
    738029a4f974128180fa2cd239e873b01e456e8bf53bfdbf34b8ba8b57897be4
  • SHA512
    8bf9c754861ed267efd2055ac09b4ad44df61b989859fccd14190592dca1dab0fa8f57360209eaceabb5137f742c9cea73a1a985ab1955f87a6875d0be95fdcf
  • SSDEEP
    196608:5f7ffML5vgtXB0IXf2tT2MzlHShlhmN7DGL:ulNIOtT22ShlA2

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4868
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1104

Network

  • flag-us
    DNS
    176.122.125.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    176.122.125.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    res.tlauncher.org
    javaw.exe
    Remote address:
    8.8.8.8:53
    Request
    res.tlauncher.org
    IN A
    Response
    res.tlauncher.org
    IN A
    78.46.66.120
  • flag-de
    GET
    http://res.tlauncher.org/b/client/jre/windows/jre-8u281-windows-x64.tar.gz
    javaw.exe
    Remote address:
    78.46.66.120:80
    Request
    GET /b/client/jre/windows/jre-8u281-windows-x64.tar.gz HTTP/1.1
    Host: res.tlauncher.org
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_66)
    Accept-Encoding: gzip,deflate
    Response
    HTTP/1.1 302
    Server: nginx
    Date: Wed, 19 Apr 2023 00:00:01 GMT
    Content-Length: 0
    Connection: keep-alive
    Location: https://cl1-res.tlauncher.org/client/jre/windows/jre-8u281-windows-x64.tar.gz
    Content-Language: en-US
    X-Frame-Options: sameorigin
    X-XSS-Protection: 1; mode=block
  • flag-de
    GET
    http://res.tlauncher.org/b/libraries/com/google/guava/guava/19.0/guava-19.0.jar
    javaw.exe
    Remote address:
    78.46.66.120:80
    Request
    GET /b/libraries/com/google/guava/guava/19.0/guava-19.0.jar HTTP/1.1
    Host: res.tlauncher.org
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_66)
    Accept-Encoding: gzip,deflate
    Response
    HTTP/1.1 302
    Server: nginx
    Date: Wed, 19 Apr 2023 00:00:01 GMT
    Content-Length: 0
    Connection: keep-alive
    Location: https://cl2-res.tlauncher.org/libraries/com/google/guava/guava/19.0/guava-19.0.jar
    Content-Language: en-US
    X-Frame-Options: sameorigin
    X-XSS-Protection: 1; mode=block
  • flag-us
    DNS
    cl2-res.tlauncher.org
    javaw.exe
    Remote address:
    8.8.8.8:53
    Request
    cl2-res.tlauncher.org
    IN A
    Response
    cl2-res.tlauncher.org
    IN A
    104.20.234.70
    cl2-res.tlauncher.org
    IN A
    104.20.235.70
  • flag-us
    DNS
    cl1-res.tlauncher.org
    javaw.exe
    Remote address:
    8.8.8.8:53
    Request
    cl1-res.tlauncher.org
    IN A
    Response
    cl1-res.tlauncher.org
    IN A
    104.20.234.70
    cl1-res.tlauncher.org
    IN A
    104.20.235.70
  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    120.66.46.78.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    120.66.46.78.in-addr.arpa
    IN PTR
    Response
    120.66.46.78.in-addr.arpa
    IN PTR
    static.120.66.46.78.clients.your-server.de
  • flag-us
    DNS
    70.234.20.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    70.234.20.104.in-addr.arpa
    IN PTR
    Response
  • flag-de
    GET
    http://res.tlauncher.org/b/libraries/org/apache/commons/commons-lang3/3.4/commons-lang3-3.4.jar
    javaw.exe
    Remote address:
    78.46.66.120:80
    Request
    GET /b/libraries/org/apache/commons/commons-lang3/3.4/commons-lang3-3.4.jar HTTP/1.1
    Host: res.tlauncher.org
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_66)
    Accept-Encoding: gzip,deflate
    Response
    HTTP/1.1 302
    Server: nginx
    Date: Wed, 19 Apr 2023 00:00:33 GMT
    Content-Length: 0
    Connection: keep-alive
    Location: https://cl2-res.tlauncher.org/libraries/org/apache/commons/commons-lang3/3.4/commons-lang3-3.4.jar
    Content-Language: en-US
    X-Frame-Options: sameorigin
    X-XSS-Protection: 1; mode=block
  • flag-de
    GET
    http://res.tlauncher.org/b/libraries/net/sf/jopt-simple/jopt-simple/4.9/jopt-simple-4.9.jar
    javaw.exe
    Remote address:
    78.46.66.120:80
    Request
    GET /b/libraries/net/sf/jopt-simple/jopt-simple/4.9/jopt-simple-4.9.jar HTTP/1.1
    Host: res.tlauncher.org
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_66)
    Accept-Encoding: gzip,deflate
    Response
    HTTP/1.1 302
    Server: nginx
    Date: Wed, 19 Apr 2023 00:00:39 GMT
    Content-Length: 0
    Connection: keep-alive
    Location: https://cl2-res.tlauncher.org/libraries/net/sf/jopt-simple/jopt-simple/4.9/jopt-simple-4.9.jar
    Content-Language: en-US
    X-Frame-Options: sameorigin
    X-XSS-Protection: 1; mode=block
  • flag-de
    GET
    http://res.tlauncher.org/b/libraries/log4j/log4j/1.2.17/log4j-1.2.17.jar
    javaw.exe
    Remote address:
    78.46.66.120:80
    Request
    GET /b/libraries/log4j/log4j/1.2.17/log4j-1.2.17.jar HTTP/1.1
    Host: res.tlauncher.org
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_66)
    Accept-Encoding: gzip,deflate
    Response
    HTTP/1.1 302
    Server: nginx
    Date: Wed, 19 Apr 2023 00:00:53 GMT
    Content-Length: 0
    Connection: keep-alive
    Location: https://cl1-res.tlauncher.org/libraries/log4j/log4j/1.2.17/log4j-1.2.17.jar
    Content-Language: en-US
    X-Frame-Options: sameorigin
    X-XSS-Protection: 1; mode=block
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    233.141.123.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.141.123.20.in-addr.arpa
    IN PTR
    Response
  • flag-de
    GET
    http://res.tlauncher.org/b/libraries/org/tukaani/xz/1.5/xz-1.5.jar
    javaw.exe
    Remote address:
    78.46.66.120:80
    Request
    GET /b/libraries/org/tukaani/xz/1.5/xz-1.5.jar HTTP/1.1
    Host: res.tlauncher.org
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_66)
    Accept-Encoding: gzip,deflate
    Response
    HTTP/1.1 302
    Server: nginx
    Date: Wed, 19 Apr 2023 00:01:17 GMT
    Content-Length: 0
    Connection: keep-alive
    Location: https://cl2-res.tlauncher.org/libraries/org/tukaani/xz/1.5/xz-1.5.jar
    Content-Language: en-US
    X-Frame-Options: sameorigin
    X-XSS-Protection: 1; mode=block
  • flag-de
    GET
    http://res.tlauncher.org/unb/libraries/org/tukaani/xz/1.5/xz-1.5.jar
    javaw.exe
    Remote address:
    78.46.66.120:80
    Request
    GET /unb/libraries/org/tukaani/xz/1.5/xz-1.5.jar HTTP/1.1
    Host: res.tlauncher.org
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_66)
    Accept-Encoding: gzip,deflate
    Response
    HTTP/1.1 302
    Server: nginx
    Date: Wed, 19 Apr 2023 00:01:36 GMT
    Content-Length: 0
    Connection: keep-alive
    Location: http://cdn3-res.tlauncher.org/libraries/org/tukaani/xz/1.5/xz-1.5.jar
    Content-Language: en-US
    X-Frame-Options: sameorigin
    X-XSS-Protection: 1; mode=block
  • flag-de
    GET
    http://res.tlauncher.org/b/libraries/org/tlauncher/tlauncher-resource/1.4/tlauncher-resource-1.4.jar
    javaw.exe
    Remote address:
    78.46.66.120:80
    Request
    GET /b/libraries/org/tlauncher/tlauncher-resource/1.4/tlauncher-resource-1.4.jar HTTP/1.1
    Host: res.tlauncher.org
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_66)
    Accept-Encoding: gzip,deflate
    Response
    HTTP/1.1 302
    Server: nginx
    Date: Wed, 19 Apr 2023 00:02:01 GMT
    Content-Length: 0
    Connection: keep-alive
    Location: https://cl2-res.tlauncher.org/libraries/org/tlauncher/tlauncher-resource/1.4/tlauncher-resource-1.4.jar
    Content-Language: en-US
    X-Frame-Options: sameorigin
    X-XSS-Protection: 1; mode=block
  • flag-us
    DNS
    cdn3-res.tlauncher.org
    javaw.exe
    Remote address:
    8.8.8.8:53
    Request
    cdn3-res.tlauncher.org
    IN A
    Response
    cdn3-res.tlauncher.org
    IN A
    78.46.66.120
  • flag-de
    GET
    http://cdn3-res.tlauncher.org/libraries/org/tukaani/xz/1.5/xz-1.5.jar
    javaw.exe
    Remote address:
    78.46.66.120:80
    Request
    GET /libraries/org/tukaani/xz/1.5/xz-1.5.jar HTTP/1.1
    Host: cdn3-res.tlauncher.org
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_66)
    Accept-Encoding: gzip,deflate
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 19 Apr 2023 00:01:56 GMT
    Content-Type: application/java-archive
    Content-Length: 99555
    Last-Modified: Wed, 29 Sep 2021 11:35:03 GMT
    Connection: keep-alive
    ETag: "61544f67-184e3"
    X-Frame-Options: sameorigin
    X-XSS-Protection: 1; mode=block
    Accept-Ranges: bytes
  • flag-us
    DNS
    126.49.247.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    126.49.247.8.in-addr.arpa
    IN PTR
    Response
  • 78.46.66.120:80
    http://res.tlauncher.org/b/client/jre/windows/jre-8u281-windows-x64.tar.gz
    http
    javaw.exe
    476 B
    460 B
    6
    4

    HTTP Request

    GET http://res.tlauncher.org/b/client/jre/windows/jre-8u281-windows-x64.tar.gz

    HTTP Response

    302
  • 78.46.66.120:80
    http://res.tlauncher.org/b/libraries/com/google/guava/guava/19.0/guava-19.0.jar
    http
    javaw.exe
    481 B
    465 B
    6
    4

    HTTP Request

    GET http://res.tlauncher.org/b/libraries/com/google/guava/guava/19.0/guava-19.0.jar

    HTTP Response

    302
  • 104.20.234.70:443
    cl2-res.tlauncher.org
    tls
    javaw.exe
    50.5kB
    2.9MB
    1075
    2105
  • 104.20.234.70:443
    cl1-res.tlauncher.org
    tls
    javaw.exe
    1.2MB
    50.6MB
    22449
    36208
  • 20.42.73.24:443
    322 B
    7
  • 78.46.66.120:80
    http://res.tlauncher.org/b/libraries/log4j/log4j/1.2.17/log4j-1.2.17.jar
    http
    javaw.exe
    1.1kB
    1.2kB
    10
    6

    HTTP Request

    GET http://res.tlauncher.org/b/libraries/org/apache/commons/commons-lang3/3.4/commons-lang3-3.4.jar

    HTTP Response

    302

    HTTP Request

    GET http://res.tlauncher.org/b/libraries/net/sf/jopt-simple/jopt-simple/4.9/jopt-simple-4.9.jar

    HTTP Response

    302

    HTTP Request

    GET http://res.tlauncher.org/b/libraries/log4j/log4j/1.2.17/log4j-1.2.17.jar

    HTTP Response

    302
  • 104.20.234.70:443
    cl1-res.tlauncher.org
    tls
    javaw.exe
    9.9kB
    511.7kB
    201
    380
  • 209.197.3.8:80
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 173.223.113.164:443
    322 B
    7
  • 78.46.66.120:80
    http://res.tlauncher.org/b/libraries/org/tlauncher/tlauncher-resource/1.4/tlauncher-resource-1.4.jar
    http
    javaw.exe
    968 B
    1.1kB
    8
    5

    HTTP Request

    GET http://res.tlauncher.org/b/libraries/org/tukaani/xz/1.5/xz-1.5.jar

    HTTP Response

    302

    HTTP Request

    GET http://res.tlauncher.org/unb/libraries/org/tukaani/xz/1.5/xz-1.5.jar

    HTTP Response

    302

    HTTP Request

    GET http://res.tlauncher.org/b/libraries/org/tlauncher/tlauncher-resource/1.4/tlauncher-resource-1.4.jar

    HTTP Response

    302
  • 104.20.234.70:443
    cl2-res.tlauncher.org
    tls
    javaw.exe
    901 B
    3.7kB
    11
    11
  • 78.46.66.120:80
    http://cdn3-res.tlauncher.org/libraries/org/tukaani/xz/1.5/xz-1.5.jar
    http
    javaw.exe
    2.1kB
    102.9kB
    41
    76

    HTTP Request

    GET http://cdn3-res.tlauncher.org/libraries/org/tukaani/xz/1.5/xz-1.5.jar

    HTTP Response

    200
  • 104.20.234.70:443
    cl2-res.tlauncher.org
    tls
    javaw.exe
    14.8kB
    655.5kB
    285
    478
  • 8.8.8.8:53
    176.122.125.40.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    176.122.125.40.in-addr.arpa

  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    133.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    133.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    res.tlauncher.org
    dns
    javaw.exe
    63 B
    79 B
    1
    1

    DNS Request

    res.tlauncher.org

    DNS Response

    78.46.66.120

  • 8.8.8.8:53
    cl2-res.tlauncher.org
    dns
    javaw.exe
    67 B
    99 B
    1
    1

    DNS Request

    cl2-res.tlauncher.org

    DNS Response

    104.20.234.70
    104.20.235.70

  • 8.8.8.8:53
    cl1-res.tlauncher.org
    dns
    javaw.exe
    67 B
    99 B
    1
    1

    DNS Request

    cl1-res.tlauncher.org

    DNS Response

    104.20.234.70
    104.20.235.70

  • 8.8.8.8:53
    133.211.185.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    133.211.185.52.in-addr.arpa

  • 8.8.8.8:53
    120.66.46.78.in-addr.arpa
    dns
    71 B
    127 B
    1
    1

    DNS Request

    120.66.46.78.in-addr.arpa

  • 8.8.8.8:53
    70.234.20.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    70.234.20.104.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    233.141.123.20.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    233.141.123.20.in-addr.arpa

  • 8.8.8.8:53
    cdn3-res.tlauncher.org
    dns
    javaw.exe
    68 B
    84 B
    1
    1

    DNS Request

    cdn3-res.tlauncher.org

    DNS Response

    78.46.66.120

  • 8.8.8.8:53
    126.49.247.8.in-addr.arpa
    dns
    71 B
    125 B
    1
    1

    DNS Request

    126.49.247.8.in-addr.arpa

MITRE ATT&CK Matrix

Downloads

  • memory/1104-195-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB
  • memory/1104-144-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB
  • memory/1104-154-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB
  • memory/1104-173-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB
  • memory/1104-178-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB
  • memory/1104-187-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB
  • memory/1104-235-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB
  • memory/1104-236-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB
  • memory/1104-239-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB
  • memory/1104-249-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB
  • memory/1104-261-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB
  • memory/1104-271-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB
  • memory/4868-133-0x0000000000400000-0x0000000000417000-memory.dmp
    Filesize: 92KB
