Overview

overview

4

Static

static

1

TLauncher.exe

windows7-x64

3

TLauncher.exe

windows10-2004-x64

Analysis

  • max time kernel
    119s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2023, 18:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher.exe

  • Size

    6.3MB

  • MD5

    a09d58d5281883d9b555cb8f99974f57

  • SHA1

    f900108770e0ee69a88df27bfeb3aa13322385b0

  • SHA256

    dd5891adfd1f98f945cd02c02a231a41c8224ccc350050b65e2b987e075920aa

  • SHA512

    0f9fc01df7bd6fcf25893ef1a31d0105e19a853d81d475312c1ad4d3f17b77ad6cba659c4b78bda8040279c91947d9277987447a3795b7acb393a5eb95ae8f3c

  • SSDEEP

    196608:kF52l8bIboBT5eN0Ca/TuQnxByJRHcj3pqxsY:hRNNG/TuoyJRui

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2572
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1032

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    708518d942ded2065d8b600271a97c04

    SHA1

    8cb33669120bb323e20c0a4dcfeb3e19cf41a3f4

    SHA256

    80cad0e806dde6c78594016dbce3b691e58f1a362edae0c3666c0d03941b4dc7

    SHA512

    28a317eb501de04a3f882af8732404fc040a0a430b5709fa645a770a6bc9f2691c85228279d1b22af36e3fa777838a92637469a57d55b27f36c3dac53cfb750b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6199be894f3efea626c86c253565c35

    SHA1

    fd9f1ee68336193ea02a009ff8881afd1d317c3b

    SHA256

    074e434d9862d8502d18696d74586d6dfbd42a9ef572f9ea9e2e09c0861ed1b6

    SHA512

    79cdb6dc67db9dec17084299186f7faf26068a2c50dc3188f99a4e5a5af98d1710c2d019ec785806ee271d72e0e6275d779a504bcb4a31bd4083441ed35a4c16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    814b1ba2d27f99dc66edcdaeb633bce2

    SHA1

    1b1ce6d09bd915a48a07e4984b92dbca02e11134

    SHA256

    8978e99912517b3638625a8ffc1d13b43ced45dd61cd0d8d5772a0edd6262366

    SHA512

    28b15628786e8a4908e76b525d8920226bea15bf2dd40445bf2c9f44d52e7c5c9ee7739f13d9b55f093c90ddf92cc500217d76481f33f68a21342529819878c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ed8cb2916ddcde3b48c3f40047b3dec5

    SHA1

    e5a4518f6ed7ec108b449f0370d5f641a6f51d51

    SHA256

    a276909dddce07703e4cee2e0efb334c025ac4d7bd54330a94f2fa72ca9b69bd

    SHA512

    3b7f5d4f836ccb624b6cd2de1d00b7b3930db7f261ad05f43f3db0ce87414d021fbe5eb7af1cfb00ace706be8d725647a654aa3496985443a6ed4b76e337cf30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a966d4ee8c8d5d4e13afd5b46b9a2815

    SHA1

    736949b746623dc610dec9bdca367f5537180a5c

    SHA256

    d29387aaa03ae36d4e6ac073a997bd8e7a664110a7353043eb77682c31a37bda

    SHA512

    18232037c0e80302f6e3d95c1f27008ab4cb3dcf41ff5df7afdb47efba2430dd9586582d65f090591f781e0e11764367f38510c54c20686bd00a6f1252485a2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    37879b66e58d2aa62f5b986de852fe34

    SHA1

    fe5865b6df387aa2e01d830c28508d23a519bfec

    SHA256

    a2ed2c00e62d1b2ad29f3188b952a4165189e0015c4cc3498bd1f7e2c6141eb7

    SHA512

    4cf8d309bcbc860bd907e27256c0e46a47e806d9cdccf8339b754cc7df5a52cf2d0c80de75b451eb6aa9bdce43feeaec4ed3eec75f24a51dbe979862d4f82001

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    562755d53de8eb74af63d07724d1ff62

    SHA1

    77e1ba166bebbe962f8012fe8f6a9ce51ed68637

    SHA256

    b4f32a1dc75e1fe215498d3274805f43f79953e3414ea90626a8d5e51e9f8349

    SHA512

    3ed4e8bfce3e7dcdc14fa5e8c486ceb6e8c32753ca5400e33167a3c65f98b9bc6436a4d28368ae4774343937b054fdf2b1f1fa4c25ae0bfe19b1718e3608f647

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7b9c6393e2ac995d1790a8269e2d44f2

    SHA1

    4da11cc48fce007cacd3d97739077d60169cd558

    SHA256

    ef391c3a81dc70ce6c2a5a5df73931d18caa5605506cbaa9421c5cc4fbb024fd

    SHA512

    ebe4222764a705a087a6cbde5e0875bf876b3603648f4861482eff4074d010cff677e4d1ed4458bcf3bde5f52384a5629c866312753b21fcb2637cc33f99f57d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f215afd3082ca8186ae1b82016f90d26

    SHA1

    ccb26856518afde76c1e3834a44695b2c6c7b7b2

    SHA256

    5398a139de1c85ca47e35f602f63482f596c93b894d5c9722a558a3abc2f37d8

    SHA512

    777ce2373c46dba72c0bcbfefbe086bc12eb2eb1c0d3f4a0d23505f1f94e886c6858aa3aadd3de623e54f0a75001df8fb97647e357f829677b7cbd7e3b2e65fc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H774PEZ\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC5D2.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC5E2.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XICOMAR2.txt
    Filesize

    596B

    MD5

    350080b39b1e4d6695f1c6bcd78f446c

    SHA1

    c5c79bfae5a575c5a6726647817dfe2fa7747dd2

    SHA256

    5d85175b0276d9ad353e20ebc4157389b9537e768b8f98b2993dc3a74773ed28

    SHA512

    ffcbaeff1c7e44bab46ad323408d7a2305acc7e094201c7ae2e3531b19e22dc62caabc216a9e9e73f71ed3fa57a16223aea38d12979956d8e520c07026becab6

    Download Submit

  • memory/1696-53-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download