845b0953c143daf9382b38c8ac7faeef62d5298bb0191f1be60865f78a942bac

Analysis

max time kernel
1s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23-04-2023 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.879-Installer-1.1.0.exe
Size

22.6MB
MD5

601b94e3b018e39e0da90881fe89156d
SHA1

dc5340d6e1cb98c6ae2fa6882a4c7284e990705b
SHA256

845b0953c143daf9382b38c8ac7faeef62d5298bb0191f1be60865f78a942bac
SHA512

493c283aa3e201501843e59d593d82b3c98d2628639c95c977c9f22c268d89f7b072907d7b5d244fb7f122348277a97f7d68ce0ebdb36d7fc479c5f3c5bd33db
SSDEEP

393216:+Xj4yibrRbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENq+:+zCrRsHExi73qqHpg+Vvc+AmX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a0000000122f5-57.dat	upx
behavioral1/files/0x000a0000000122f5-60.dat	upx
behavioral1/files/0x000a0000000122f5-68.dat	upx
behavioral1/files/0x000a0000000122f5-66.dat	upx
behavioral1/files/0x000a0000000122f5-64.dat	upx
behavioral1/files/0x000a0000000122f5-61.dat	upx
behavioral1/memory/912-73-0x0000000000320000-0x0000000000708000-memory.dmp	upx
behavioral1/files/0x000a0000000122f5-74.dat	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.0.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.0.exe"
1⤵
PID:1476
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.0.exe" "__IRCT:3" "__IRTSS:23652861" "__IRSID:S-1-5-21-3430344531-3702557399-3004411149-1000"
  2⤵
  PID:912

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
318KB

MD5
d350a645959e1fc677eeb0d82a93b24b

SHA1
f9ca3f6ae020733e2af09f4d7314ebbee24ae484

SHA256
affe5dfcfd2954f5c99639ad60aa9d88f4c1cf95a66993fddbe5443bbb044335

SHA512
a3572570bc977d888f44686cebde08317b239169af70fa5994463c04aca4f4cd12fb027cc228d0c2aa0b08e896ad4cdb7275fd0df4bf6ce52716ad4153308200

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
memory/912-73-0x0000000000320000-0x0000000000708000-memory.dmp

Filesize
3.9MB

Download
memory/1476-69-0x0000000002AC0000-0x0000000002EA8000-memory.dmp

Filesize
3.9MB

Download
memory/1476-71-0x0000000002AC0000-0x0000000002EA8000-memory.dmp

Filesize
3.9MB

Download