Analysis
max time kernel: 16s
max time network: 17s
platform: windows10-1703_x64
resource: win10-20230220-en
resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
submitted: 06-05-2023 04:34

Static task: static1 (signatures: 1)
Behavioral task: behavioral1
  Sample: ATLauncher.exe
  Resource: win10-20230220-en (windows10-1703-x64)
  signatures: 2
  duration: 300 seconds
General
Target: ATLauncher.exe
Size: 21.9MB
MD5: 5b75fcf92add86804e81f97db2a45567
SHA1: 01ba67af23c7733d71d6ada0b08efaab27c4b8f8
SHA256: 0200f8f9c514147284dba553e6d7d82b210f2cbd83f5338ddefc00f101c676a6
SHA512: 420fe6697b64be7372aa51e5b616720f2c665adcb3c32470d658346bb7df497758bc731e551a9ff10befabb5345c5942723940a15dc820226ebf08572cf13083
SSDEEP: 393216:MfI0pj1PotgffvAz8z8sucFLAGTzMWHBPJclBgsId1lJhzq54B:MfIypAuffY8zz/pAGbCngsI0U
Score: 1/10
Malware Config
Signatures
Suspicious use of SetWindowsHookEx (4 IoCs)
  pid   Process
  4144  javaw.exe
  4144  javaw.exe
  4144  javaw.exe
  4144  javaw.exe
Suspicious use of WriteProcessMemory (2 IoCs)
  description                        pid   Process         procid_target
  PID 4156 wrote to memory of 4144   4156  ATLauncher.exe  66
  PID 4156 wrote to memory of 4144   4156  ATLauncher.exe  66
Processes
1. C:\Users\Admin\AppData\Local\Temp\ATLauncher.exe (PID 4156)
   command line: "C:\Users\Admin\AppData\Local\Temp\ATLauncher.exe"
   signatures: Suspicious use of WriteProcessMemory
   2. C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe (PID 4144, child of PID 4156)
      command line: "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Djna.nosys=true -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true -classpath "C:\Users\Admin\AppData\Local\Temp\ATLauncher.exe;lib\oshi-core-6.1.6.jar;lib\jna-platform-5.11.0.jar;lib\jna-5.11.0.jar;lib\authlib-1.5.21.jar;lib\gson-2.9.0.jar;lib\guava-31.1-jre.jar;lib\xz-1.9.jar;lib\base64-2.3.9.jar;lib\discord-rpc-1.6.2.jar;lib\jopt-simple-5.0.4.jar;lib\zt-zip-1.15.jar;lib\okhttp-tls-4.9.3.jar;lib\google-analytics-java-2.0.11.jar;lib\apollo-runtime-2.5.14.jar;lib\apollo-http-cache-2.5.14.jar;lib\okhttp-4.9.3.jar;lib\sentry-6.1.4.jar;lib\gettext-lib-88ae68d897.jar;lib\log4j-core-2.17.2.jar;lib\log4j-api-2.17.2.jar;lib\murmur-1.0.0.jar;lib\commons-text-1.10.0.jar;lib\commons-lang3-3.12.0.jar;lib\flatlaf-extras-2.3.jar;lib\flatlaf-2.3.jar;lib\jlhttp-2.6.jar;lib\joda-time-2.10.14.jar;lib\commons-compress-1.21.jar;lib\commonmark-0.19.0.jar;lib\dbus-java-3.3.1.jar;lib\failureaccess-1.0.1.jar;lib\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;lib\apollo-normalized-cache-jvm-2.5.14.jar;lib\cache-2.0.2.jar;lib\jsr305-3.0.2.jar;lib\checker-qual-3.12.0.jar;lib\error_prone_annotations-2.11.0.jar;lib\j2objc-annotations-1.3.jar;lib\httpclient-4.5.11.jar;lib\commons-codec-1.11.jar;lib\commons-io-2.4.jar;lib\jcl-over-slf4j-1.7.30.jar;lib\slf4j-api-1.7.36.jar;lib\apollo-http-cache-api-2.5.14.jar;lib\apollo-normalized-cache-api-jvm-2.5.14.jar;lib\apollo-api-jvm-2.5.14.jar;lib\okio-jvm-2.9.0.jar;lib\kotlin-stdlib-jdk8-1.5.31.jar;lib\kotlin-stdlib-jdk7-1.5.31.jar;lib\uuid-jvm-0.2.0.jar;lib\kotlin-stdlib-1.5.31.jar;lib\antlr4-runtime-4.7.3.jar;lib\svgSalamander-1.1.3.jar;lib\jnr-unixsocket-0.38.6.jar;lib\kotlin-stdlib-common-1.5.31.jar;lib\annotations-13.0.jar;lib\httpcore-4.4.13.jar;lib\jnr-enxio-0.32.4.jar;lib\jnr-posix-3.1.5.jar;lib\jnr-ffi-2.2.2.jar;lib\jnr-constants-0.10.1.jar;lib\jffi-1.3.1.jar;lib\jffi-1.3.1-native.jar;lib\asm-commons-9.1.jar;lib\asm-util-9.1.jar;lib\asm-analysis-9.1.jar;lib\asm-tree-9.1.jar;lib\asm-9.1.jar;lib\jnr-a64asm-1.0.0.jar;lib\jnr-x86asm-1.0.2.jar" com.atlauncher.App
      signatures: Suspicious use of SetWindowsHookEx