Overview

overview

4

Static

static

1

TLauncher.exe

windows7-x64

1

TLauncher.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    134s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    18-07-2023 18:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher.exe

  • Size

    6.3MB

  • MD5

    a09d58d5281883d9b555cb8f99974f57

  • SHA1

    f900108770e0ee69a88df27bfeb3aa13322385b0

  • SHA256

    dd5891adfd1f98f945cd02c02a231a41c8224ccc350050b65e2b987e075920aa

  • SHA512

    0f9fc01df7bd6fcf25893ef1a31d0105e19a853d81d475312c1ad4d3f17b77ad6cba659c4b78bda8040279c91947d9277987447a3795b7acb393a5eb95ae8f3c

  • SSDEEP

    196608:kF52l8bIboBT5eN0Ca/TuQnxByJRHcj3pqxsY:hRNNG/TuoyJRui

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2796
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2916

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    336f412a809d8e4bd477d59337af9d74

    SHA1

    65263c46dc5b4b10469929df8f0003c05764d242

    SHA256

    1d6c16d99045e2aeb2319942467062936b823bc8b33fdf474470f0c7b49dedb9

    SHA512

    26a516b20df308f0836be77e3ae2f82c70296c9bcee72735ddea7e5ccbb3eb31153045f84c3afa89bdf99ceb6a28c7f75c55e6b9669ddab93c8acf9d46f04908

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18addb8548613ac55c64c89628d9d15a

    SHA1

    6739407f5a8d3626d96dda618b2c4fcb8d7170da

    SHA256

    c419291ee119c7b13b72dffa6f36f55b0024c15b6dcb45fe48c346050d8cb959

    SHA512

    0bd24e5555543042fbbe85ab5a447f20762a994dcb9ed53c64b608001d1bd89735c0cc5db75d754f673de40d287c68d597ce2db056ac26b3beb72b12a3bfe7d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    97e068b6991ec0064ce256e0d538e8eb

    SHA1

    480f11b684d9f110e12474d5f85328ed98d869f9

    SHA256

    e30636d301d79aba3cb442879fe41dc4e7e7d11e9b1ef3b098c369eac785ad8d

    SHA512

    4a909b3a422dcc0581880254219af9b201d1de34dabc28c75e7560c30fe74f7aed8dcd15df170fa83f91bea73f379b0f87bccfc7d030037048c9c02951e14c45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dcba30c3c265bca8a33326b4492ad4f6

    SHA1

    cbacc61a32f8494474453e48a7dacaeb5b5a32da

    SHA256

    698a9ac58341d99c8b8d933283b741713082f9ee28acd78f7191bcfc3550c6e3

    SHA512

    d53cd6035dd4c2d7512626ad1274664fa8d1e51894199e544b5bd0e827c80d64b3a3bdd582c2a95ca9dba28843d71acca3d445d269647bb437cc52fb8bafa1e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8ff4a867dfd1a94cb6a2b4e7a42105e8

    SHA1

    c8155084d352ee30f15cf0ca3e891fd77b9378e2

    SHA256

    d713d72d6ed331aab7d4ba92acca8768333b3559dd4ef4210ef721af1797cb52

    SHA512

    b1c93ef9d055348ebfe42b71b8f1dacd1274ffe2f7d8c200cceccbd4933069891e1bf9d02c36dadf942cc2b33da2e2b6d30f2dbc35f9e5e1d04d0eba8f494fb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2f0e7fc5d05df07ec2d24e378f36b5e7

    SHA1

    c4b60bfd6fefa1903db8fe5e08a2ca1b234c768d

    SHA256

    8118eb287020a7980e821325c154ffab8912703a101932a66e5799fbf4064e25

    SHA512

    f48e98f124ed4895622720fff4d93e5c278f0f9a9c00b807d72306e1007821be6dfe9c34b086241f4a337e08b430fecaae87f9da5ddb4fa4430c81bbda9def5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    059c4ce8af050bdcdbbaf7b5e9591fc4

    SHA1

    02eacacc260ebdc4e54f48d68b9f10252e41a36c

    SHA256

    a0f790cae6504983349b306ca25a5f5c07c5c69c9273d73b2fdad52a33654358

    SHA512

    8edf02580f2fd40d89da9a316b98ca2c42dbcfd86b5f92687d277416fa17c7fb2578db43ce4beb856f1438d93ef6fef87df3ac8e477bfba33dd288d911745383

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cec55270d085b111fbeeb6911899c8af

    SHA1

    ad0a7d1b3d60452010a39e743ca2b378e79bfb51

    SHA256

    69fa20ef08a0728be9ed3917bfe09c020853f49c6294c7ab793eb486bb5bc7f8

    SHA512

    c30d7dc62a701841f19009068d5cd3cc577d1ac3606f1e0e52dd20d5b107b1da49632d25855d8e74e725da8fa5cf531f6b2aa1bec229463f9c65b636dd097f5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5d3d1fba74b3ce9aa7a2069940728264

    SHA1

    8cdf2cfe4e3c0dd37e50f4bf1e50c1cc26b4f198

    SHA256

    b336a5cbf12792195714fe42dba414f3a0f4be5188cd484aa78abfc526ff77b1

    SHA512

    f862d6db8a60b59b334ef4674d849551e5ff3fe99f3da143e056b4ff2200c1b7381483d2871c86f1088a99f23cb507121f2389cd6f48f97650172eb106343723

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d236d3b082bc8d4f6212afa4186dd87

    SHA1

    11d67b10621a6f14728ee5def03c0e1bf74772b8

    SHA256

    f62561b7ce557b8f6f573e49104343cbbbefa7d00a69355d7905cd417ff6ae8a

    SHA512

    db13ce2c7ce19389bdc982e8eeeaf4644bcd71b3214db0d4dcdf883d962e9a7c43a1c27e82548aa76c4c6507a5b9128c4731e7d598e1535e73976237bcd339e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNJTQ62U\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB241.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB243.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MJ699SLT.txt
    Filesize

    601B

    MD5

    1eaaf69d39d9588b89063d6506ed45eb

    SHA1

    dfe2cb997002998e43a07a3f5a1b58a78be59bb0

    SHA256

    4f56af1e8d582851d6abbd8cf5e4849b42ee2e7d2e905b527c45e6f72bc5fc7b

    SHA512

    20af72bc43caec04b2b51c172a6b4e5668f99bb87b4742ee4427f9d3ae46afc54a31d0b0b878b2177db1ecbff0a14d18f1e64b891e290732f6b308b966ee3d10

    Download Submit

  • memory/1492-53-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download