Overview

overview

8

Static

static

1

TLauncher.exe

windows7-x64

8

TLauncher.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    138s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    23/07/2023, 19:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher.exe

  • Size

    7.5MB

  • MD5

    6759c36759dd90ebb8e03ea74c80274f

  • SHA1

    37ac28c755056c31db6c41bf636fce70005d9668

  • SHA256

    9c0b2609ca1e6b0861ea23188bf29ac9c077f7c1df184fc424259a283a07391f

  • SHA512

    712a8fa670320ef25ba5e5ac5de1e6fc910fa62d2b19b9d9d72b5cd7dec7a3423f0fbacf33a1d3564145d5caf26c0d38f518eef083b31f2d05de99d7619c628a

  • SSDEEP

    196608:JPK0cP4gvtnn7YopNpN5BNc8nv+XjmsbpwWd17cjex+pAk:YAW3I8WXjmRWd1RS

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/
      2⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2984

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0f6292709a0c382c138b68afe6738559

    SHA1

    369e5a3c2570c0082537fa7901763bc32921744e

    SHA256

    c7e30d3643b587fe67451d882e196b780aceae48a7005ea43789d387e8fbfc4a

    SHA512

    a1b1fae507c786cafa9a9a5cf7a10d72147088294f44fa80dd7eab217cdb4f34d78256cbd1d13ecd6a10ec3f995239be6d85f04e27af8475be52f4934f4f41af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    799b559a0833403dd522fda884af72db

    SHA1

    61662e68af4863eb6e9e6dbdda3e09e697a7a14d

    SHA256

    dbbc7d9ec7d34d5ccc4d5c4771bf9ab9fc1470eef4abf50d760a095fe3728c1f

    SHA512

    66910497431c8a9ce6563f2fd7a8f79645e9466a8cda4f444fed7d65b3e5ba23e10637f2c67652bb76f8aaf0c33052870f3ba3bc9b14a64ad488d379c097d654

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9eca46b6c6d3fac977b8c0affd41f482

    SHA1

    d97aad8f9c754f7e587722b644605890e9075623

    SHA256

    57b2756adef7963bcbbafbf38fe96e1fbda1efc99e13dee95c24c0f2f79311ac

    SHA512

    ba6ec1689caa8956edbdb553822ae8e61a543ed2017ae479e74c6d0f5c485b13e8355afd516ea35a6bcfa70bf09a01585d3aee1377d3a7541c15ac2fd3ba6a51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    72e268b9fb97b917e5981fe8afe93af2

    SHA1

    59cf148c1920914378d394ac623cfd3159a9fc81

    SHA256

    25594c6a51335b5f8c99e7f2ad4dbb5abb17631a361516143fff54c98fffc826

    SHA512

    2d1dbf1a0f4378bc8a6093d747012411994964f3d1e4f45384efe1d8711ee505a0c27beb2595b950931a8ab196abb9fa6ae12614d43335935fa0d0fe753379e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad2aba3f1dc5a340cd9c212848c5abc3

    SHA1

    106e07dea854ab1eb4dcb697a29a0b590192937c

    SHA256

    fdd825aae6db04ca8a9c9cd1b7fb0dac31f88ff6e03ce6f610378c4c4a38d9e6

    SHA512

    792306f4c5b3a9a9d82420faab483870f9fdc0fef5bc4e34a5dd710c66cc9033cc6c0948b772d179db34020ae45f460de6a4119971265b4d12b0b1741c97180a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7e7ea06cb3c3c237e925d4a9c6747680

    SHA1

    ffbdeb07b4cebf551767822e75062442f4af669d

    SHA256

    5f6c65f4cb9dc3e06d87c3e4225167b6536e2d05866b9bca470f484973f38db8

    SHA512

    e3468ff45a5bd6346385e1b64adf9897137ebe5481d2d687d705ca182081700ee693f902d18d26f7d9e02c319b2b538a8fc79fc77999913b1dcc5038c4adb96a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7d20c37b3f6d7034281cc9ed9e1ca186

    SHA1

    4b1b7ff189ed6eb54b536d796bef2d13a64ff41b

    SHA256

    0fa6708b3256f76c207389511658d4806e34dfe91908dafc6d6964bca4f793e9

    SHA512

    a1daf88422f87175864c4a3bb99638e49a712497dba388254254122b9925b7c2856775ece138f357af0655acea4cdf4cd455f1b5ceaeaa449c9aa48b022a8b24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    915aa3188454c11df83669f40dddd375

    SHA1

    8fab4a0ee99464f1ff4e50a68311a799ec40620f

    SHA256

    57653c562b743c9f629d3a5a688dc93888ff458cd8eda3bb312642d1e05661ff

    SHA512

    d0cd847cdd3f6f3ee5835b6ddbb1c10cd0fa8f279caf7d62f2679887fd3dd10d00132da15488d75366827f5834eb5dc4b8ce5a24a413aefba5f64ac98ec44cb8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7634a6eed4c678ca8326cfe97a660734

    SHA1

    8fc6bdc0963386c1d8838eeed5277621b478f5bc

    SHA256

    839c330fcd4b89314a28f5630044307a980c6f49923f1f659b3cc055b5b208ad

    SHA512

    cae1d725a51d0ce593983f76fa16e4c3a593b77773686f1abb296e1d67d15fba7370661de8846db292c8f1ff806d3ab3dba25a5babdcd4f4f9b4b4cf9ab2148a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    55db531a0867987b90cd3f4032c9741a

    SHA1

    1622f754a895013ce961f9c6c12a3f5cfafbbae8

    SHA256

    9835b2e066ee45fcd321eeab068e03ee6ee9530b56a638f00205f5cb435aea6f

    SHA512

    3e351eb112e3f44f385a5bf5e7042832e505a86b31f10b9efadf52c43bd3e128272f19af80809d4f82883d782c86a11425b83bd1f51f2f56ebfd1b29a7ec0ab3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULULORKV\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBAD9.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBAEA.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\763GJZNY.txt
    Filesize

    601B

    MD5

    90106cccd7511535f339b67d4643f1b0

    SHA1

    6c0ccff797ca97df2aeafdf68abd20388595fb06

    SHA256

    707806f0fa6fcb35d82b683bbe7d25fee03c2ad245b9df5559d51cf0f6b7fc46

    SHA512

    c55d33d1224b4af04bc364706b07d4af2230369f24f9d6e39926c36261086a172a2e6854568150a85293ae604cb4b695c218359717bba9d3c14c33ed8e34e6b9

    Download Submit

  • memory/2604-54-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download