Overview

overview

7

Static

static

3

TQLauncher.exe

windows7-x64

7

TQLauncher.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2023, 17:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TQLauncher.exe

  • Size

    12.9MB

  • MD5

    0bc88de2ee4871dcf12fac1cd7f8f1bf

  • SHA1

    af91faedf9e53105ff77da8c589440bf68b14285

  • SHA256

    d1231fe7778d69a5722827bc4023e5337abc5bb8284fb0558f32b217f749a425

  • SHA512

    973366c53eafb03cb12c4429b7c26d02508f3b89140fe0eaf9d3543e83758a4e840bb1679526154c20ea832f181b738605d4d1e1b1b5b198f8156155d9bd56bf

  • SSDEEP

    196608:exQpJSycoOb6FmSASx8HbuJMjXlOW+IqGjNcxMS+QOFGS4KfgXD9kYPBg77z79ip:nLO8mSD875p3cZ+QOcqgXhkYP879ip

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TQLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\TQLauncher.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:816
    • C:\Users\Admin\AppData\Local\Temp\is-12SVM.tmp\TQLauncher.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-12SVM.tmp\TQLauncher.tmp" /SL5="$80120,12827970,792064,C:\Users\Admin\AppData\Local\Temp\TQLauncher.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-12SVM.tmp\TQLauncher.tmp
    Filesize

    2.5MB

    MD5

    1b6cac2935cc60391767bc25c60e7f20

    SHA1

    e92b0c86d39cd78228d833f84241e9d102cce2e5

    SHA256

    6ab7e20d938c625f77f3ce99a56c4fb0b57632fa67776f889cd98dcf585d6bfd

    SHA512

    173449ad2b38dad40ae23d42c970362bb472a61fe16be44d9e6f34a5e7fd43ac02a32a1a1ff520a9da929559435d06c95575556f7db304a3ffaa52450f050a20

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-12SVM.tmp\TQLauncher.tmp
    Filesize

    2.5MB

    MD5

    1b6cac2935cc60391767bc25c60e7f20

    SHA1

    e92b0c86d39cd78228d833f84241e9d102cce2e5

    SHA256

    6ab7e20d938c625f77f3ce99a56c4fb0b57632fa67776f889cd98dcf585d6bfd

    SHA512

    173449ad2b38dad40ae23d42c970362bb472a61fe16be44d9e6f34a5e7fd43ac02a32a1a1ff520a9da929559435d06c95575556f7db304a3ffaa52450f050a20

    Download Submit

  • memory/816-55-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

    Download

  • memory/816-64-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

    Download

  • memory/2072-62-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2072-66-0x0000000000400000-0x0000000000685000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2072-67-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download