Resubmissions

2023-05-06 04:34

230506-e7apjaac7y 3

2023-05-06 04:32

230506-e55f5aga62 3

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    2023-05-06 04:34

General

  • Target

    ATLauncher.exe

  • Size

    21.9MB

  • MD5

    5b75fcf92add86804e81f97db2a45567

  • SHA1

    01ba67af23c7733d71d6ada0b08efaab27c4b8f8

  • SHA256

    0200f8f9c514147284dba553e6d7d82b210f2cbd83f5338ddefc00f101c676a6

  • SHA512

    420fe6697b64be7372aa51e5b616720f2c665adcb3c32470d658346bb7df497758bc731e551a9ff10befabb5345c5942723940a15dc820226ebf08572cf13083

  • SSDEEP

    393216:MfI0pj1PotgffvAz8z8sucFLAGTzMWHBPJclBgsId1lJhzq54B:MfIypAuffY8zz/pAGbCngsI0U

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ATLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\ATLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4156
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Djna.nosys=true -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true -classpath "C:\Users\Admin\AppData\Local\Temp\ATLauncher.exe;lib\oshi-core-6.1.6.jar;lib\jna-platform-5.11.0.jar;lib\jna-5.11.0.jar;lib\authlib-1.5.21.jar;lib\gson-2.9.0.jar;lib\guava-31.1-jre.jar;lib\xz-1.9.jar;lib\base64-2.3.9.jar;lib\discord-rpc-1.6.2.jar;lib\jopt-simple-5.0.4.jar;lib\zt-zip-1.15.jar;lib\okhttp-tls-4.9.3.jar;lib\google-analytics-java-2.0.11.jar;lib\apollo-runtime-2.5.14.jar;lib\apollo-http-cache-2.5.14.jar;lib\okhttp-4.9.3.jar;lib\sentry-6.1.4.jar;lib\gettext-lib-88ae68d897.jar;lib\log4j-core-2.17.2.jar;lib\log4j-api-2.17.2.jar;lib\murmur-1.0.0.jar;lib\commons-text-1.10.0.jar;lib\commons-lang3-3.12.0.jar;lib\flatlaf-extras-2.3.jar;lib\flatlaf-2.3.jar;lib\jlhttp-2.6.jar;lib\joda-time-2.10.14.jar;lib\commons-compress-1.21.jar;lib\commonmark-0.19.0.jar;lib\dbus-java-3.3.1.jar;lib\failureaccess-1.0.1.jar;lib\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;lib\apollo-normalized-cache-jvm-2.5.14.jar;lib\cache-2.0.2.jar;lib\jsr305-3.0.2.jar;lib\checker-qual-3.12.0.jar;lib\error_prone_annotations-2.11.0.jar;lib\j2objc-annotations-1.3.jar;lib\httpclient-4.5.11.jar;lib\commons-codec-1.11.jar;lib\commons-io-2.4.jar;lib\jcl-over-slf4j-1.7.30.jar;lib\slf4j-api-1.7.36.jar;lib\apollo-http-cache-api-2.5.14.jar;lib\apollo-normalized-cache-api-jvm-2.5.14.jar;lib\apollo-api-jvm-2.5.14.jar;lib\okio-jvm-2.9.0.jar;lib\kotlin-stdlib-jdk8-1.5.31.jar;lib\kotlin-stdlib-jdk7-1.5.31.jar;lib\uuid-jvm-0.2.0.jar;lib\kotlin-stdlib-1.5.31.jar;lib\antlr4-runtime-4.7.3.jar;lib\svgSalamander-1.1.3.jar;lib\jnr-unixsocket-0.38.6.jar;lib\kotlin-stdlib-common-1.5.31.jar;lib\annotations-13.0.jar;lib\httpcore-4.4.13.jar;lib\jnr-enxio-0.32.4.jar;lib\jnr-posix-3.1.5.jar;lib\jnr-ffi-2.2.2.jar;lib\jnr-constants-0.10.1.jar;lib\jffi-1.3.1.jar;lib\jffi-1.3.1-native.jar;lib\asm-commons-9.1.jar;lib\asm-util-9.1.jar;lib\asm-analysis-9.1.jar;lib\asm-tree-9.1.jar;lib\asm-9.1.jar;lib\jnr-a64asm-1.0.0.jar;lib\jnr-x86asm-1.0.2.jar" com.atlauncher.App
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:4144
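The javaw.exe command line above is the most informative artefact in this report, and it can be turned into a dependency inventory mechanically. The Python below is an added example, not part of the sandbox report or of ATLauncher's own code: it tokenises the command line, separates the JVM -D properties, classpath and main class, derives (artifact, version) pairs from the Maven-style jar names so they can be fed to a vulnerability lookup, and flags classpath entries that are not jars. Here the first entry is ATLauncher.exe itself, which only works if the .exe is also a readable zip archive (a PE stub with the jar appended; the Java runtime locates a zip by its end-of-central-directory record at the end of the file, so the MZ prefix does not get in the way). looks_like_pe_jar_hybrid() checks a sample for that layout. The two signatures fit that picture: WriteProcessMemory on the parent that spawns the child and SetWindowsHookEx in a Swing GUI child are commonly produced by benign launchers, in line with the 1/10 score. JAVAW_CMDLINE is a shortened copy of the reported command line, the byte strings in the usage are constructed, and the jar-name regex encodes an assumed naming convention rather than anything the report states.

```python
import re
import shlex
from dataclasses import dataclass, field

# Constructed input: the javaw.exe command line from the process tree above
# (child PID 4144), with the classpath cut down to a representative subset of
# the jars the report lists. The parser handles the full line unchanged.
JAVAW_CMDLINE = (
    r'"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Djna.nosys=true '
    r'-Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=on '
    r'-Dswing.aatext=true -classpath '
    r'"C:\Users\Admin\AppData\Local\Temp\ATLauncher.exe;lib\oshi-core-6.1.6.jar;'
    r'lib\jna-5.11.0.jar;lib\log4j-core-2.17.2.jar;lib\log4j-api-2.17.2.jar;'
    r'lib\commons-text-1.10.0.jar;lib\kotlin-stdlib-jdk8-1.5.31.jar;'
    r'lib\jffi-1.3.1-native.jar;'
    r'lib\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" '
    r'com.atlauncher.App'
)

# Assumed Maven-style "artifact-version.jar" naming: the version starts at the
# first "-" followed by a digit, so "kotlin-stdlib-jdk8-1.5.31" splits correctly
# and a classifier such as "1.3.1-native" stays attached to the version.
_JAR_RE = re.compile(r"^(?P<name>.+?)-(?P<version>\d.*)\.jar$", re.IGNORECASE)


@dataclass
class JavaLaunch:
    java_exe: str
    properties: dict = field(default_factory=dict)   # -Dkey=value pairs
    classpath: list = field(default_factory=list)
    main_class: str = ""
    args: list = field(default_factory=list)

    def non_jar_entries(self):
        """Classpath entries that are not .jar files, e.g. the launcher .exe itself."""
        return [e for e in self.classpath if not e.lower().endswith(".jar")]

    def dependencies(self):
        """(artifact, version) pairs for every jar on the classpath, for CVE lookup."""
        deps = []
        for entry in self.classpath:
            basename = entry.replace("\\", "/").rsplit("/", 1)[-1]
            m = _JAR_RE.match(basename)
            if m:
                deps.append((m.group("name"), m.group("version")))
        return deps


def parse_java_cmdline(cmdline: str) -> JavaLaunch:
    """Split a Windows java/javaw command line into its JVM options,
    classpath and main class. Only -D and -classpath/-cp are interpreted;
    other JVM flags are skipped."""
    # posix=False keeps Windows backslashes literal and still honours double quotes.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    launch = JavaLaunch(java_exe=tokens[0])
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-D"):
            key, _, value = tok[2:].partition("=")
            launch.properties[key] = value
        elif tok in ("-classpath", "-cp"):
            i += 1
            launch.classpath = [e for e in tokens[i].split(";") if e]
        elif tok.startswith("-"):
            pass  # other JVM flags are not needed for the inventory
        else:
            launch.main_class = tok
            launch.args = tokens[i + 1:]
            break
        i += 1
    return launch


def looks_like_pe_jar_hybrid(data: bytes) -> bool:
    """True if data starts with a PE (MZ) header and carries a zip
    end-of-central-directory record in its tail, i.e. a PE stub with an
    appended jar, which is what lets an .exe be used as a classpath entry."""
    if not data.startswith(b"MZ"):
        return False
    # EOCD is 22 bytes plus an optional zip comment of at most 65535 bytes.
    tail = data[-(22 + 65535):]
    return b"PK\x05\x06" in tail


if __name__ == "__main__":
    launch = parse_java_cmdline(JAVAW_CMDLINE)
    print("main class:", launch.main_class)
    print("non-jar classpath entries:", launch.non_jar_entries())
    for name, version in launch.dependencies():
        print(f"  {name} {version}")
    # Constructed sample bytes: an MZ header with a zip EOCD record at the end.
    sample = b"MZ" + b"\x00" * 100 + b"PK\x05\x06" + b"\x00" * 18
    print("PE+jar hybrid:", looks_like_pe_jar_hybrid(sample))
```

Run the parser over the full command line from the report to get the complete inventory; the version strings it yields (for example log4j-core 2.17.2) are what you would hand to an SBOM or CVE-matching tool, and the same check on the real ATLauncher.exe bytes tells you whether the self-referencing classpath entry is a PE stub with an embedded jar.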

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4144-132-0x0000000002550000-0x0000000002551000-memory.dmp

    Filesize

    4KB

  • memory/4144-135-0x0000000002550000-0x0000000002551000-memory.dmp

    Filesize

    4KB

  • memory/4144-142-0x0000000002550000-0x0000000002551000-memory.dmp

    Filesize

    4KB

  • memory/4156-121-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB
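The Downloads entries follow a fixed name layout, pid-sequence-start-end, which lets a reader cross-check them without opening the dumps. The Python below is an added example, not from the report or the sandbox vendor: it parses the four names listed above, checks that each address range agrees with the reported Filesize, and groups the dumps by PID. The three 4144 dumps are the same 4 KB page at 0x2550000 captured at three points in javaw's run (sequence numbers 132, 135 and 142), and the 4156 dump spans 0x400000-0x473000, the default image base of a 32-bit PE (the arch:x86 resource tag fits), so it is most likely the launcher's own mapped image; that reading is a heuristic and is marked as such in the code. The DUMPS list, the naming regex and the size-label units are constructed from the entries above.

```python
import re
from collections import Counter

# Constructed input: the four memory dump names and the Filesize labels listed
# under Downloads above.
DUMPS = [
    ("memory/4144-132-0x0000000002550000-0x0000000002551000-memory.dmp", "4KB"),
    ("memory/4144-135-0x0000000002550000-0x0000000002551000-memory.dmp", "4KB"),
    ("memory/4144-142-0x0000000002550000-0x0000000002551000-memory.dmp", "4KB"),
    ("memory/4156-121-0x0000000000400000-0x0000000000473000-memory.dmp", "460KB"),
]

# Assumed naming scheme, read off the entries above: <pid>-<seq>-<start>-<end>.
_DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)
# Binary units, matching how the report rounds sizes ("4KB" for a 4096-byte page).
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def parse_size(label: str) -> int:
    """'4KB' -> 4096, '460KB' -> 471040."""
    m = re.fullmatch(r"\s*([\d.]+)\s*([KMG]?B)\s*", label.upper())
    if not m:
        raise ValueError(f"unrecognised size label: {label!r}")
    return int(float(m.group(1)) * _UNITS[m.group(2)])


def parse_dump_name(name: str) -> dict:
    """Split a dump file name into pid, sequence number and address range."""
    m = _DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    start, end = int(m.group("start"), 16), int(m.group("end"), 16)
    return {"pid": int(m.group("pid")), "seq": int(m.group("seq")),
            "start": start, "end": end, "size": end - start}


def check_dumps(dumps):
    """Cross-check each dump's address range against its reported Filesize.
    A mismatch means the label and the range disagree and the dump should be
    inspected before its size is used in any conclusion."""
    results = []
    for name, label in dumps:
        info = parse_dump_name(name)
        info["reported"] = parse_size(label)
        unit = _UNITS[re.search(r"[KMG]?B$", label.upper()).group(0)]
        # The label is rounded to its unit, so allow half a unit of slack.
        info["consistent"] = abs(info["size"] - info["reported"]) <= unit // 2
        # Heuristic, not proof: 0x00400000 is the default image base of a
        # 32-bit PE, so a dump starting there is probably the mapped image.
        info["likely_main_image"] = info["start"] == 0x400000
        results.append(info)
    return results


def dumps_per_pid(dumps) -> Counter:
    """How many dumps the sandbox took from each process."""
    return Counter(parse_dump_name(name)["pid"] for name, _ in dumps)


if __name__ == "__main__":
    for info in check_dumps(DUMPS):
        print(f"pid {info['pid']} seq {info['seq']}: "
              f"0x{info['start']:x}-0x{info['end']:x} {info['size']} bytes, "
              f"consistent={info['consistent']}, image={info['likely_main_image']}")
    print(dict(dumps_per_pid(DUMPS)))
```

The same check applied to a longer report catches mislabelled or truncated dumps early; the pid grouping is also the quickest way to see which process the sandbox considered worth repeated snapshots.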