6d53e490ff6c689bfeb92b7f176af52521a66b67f6d27c3405ee996ae1b9540d

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
27/08/2023, 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LabyModLauncherSetup-latest.exe
Size

104.5MB
MD5

3eb1cf088d2f78a8e7caa7c672117a80
SHA1

d4a67888663c1e5d1f87e30fa9a6f6a4b53e8c81
SHA256

6d53e490ff6c689bfeb92b7f176af52521a66b67f6d27c3405ee996ae1b9540d
SHA512

c3966ec3dc4e129c72a3e52f6612e8b3924899d5aec6342a6dd2edc62a6cf5b9dde82ace8a82d4370ea8c69e04c5069a26950ca53cdf32b5250d6902e1c040ff
SSDEEP

3145728:tkP3I0pwtmSEb0kmden5WznB2g2AX1HRkplVhZ8:t03I0ityb0CWlwAFOv8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2840	Update.exe
2932	Squirrel.exe
1952	LabyModLauncher.exe
1936	LabyModLauncher.exe

Loads dropped DLL 7 IoCs

pid	Process
1928	LabyModLauncherSetup-latest.exe
2840	Update.exe
2840	Update.exe
2840	Update.exe
1952	LabyModLauncher.exe
2840	Update.exe
1936	LabyModLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2840	Update.exe
2840	Update.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2840	Update.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2840	Update.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2840	1928	LabyModLauncherSetup-latest.exe	28
PID 1928 wrote to memory of 2840	1928	LabyModLauncherSetup-latest.exe	28
PID 1928 wrote to memory of 2840	1928	LabyModLauncherSetup-latest.exe	28
PID 1928 wrote to memory of 2840	1928	LabyModLauncherSetup-latest.exe	28
PID 2840 wrote to memory of 2932	2840	Update.exe	29
PID 2840 wrote to memory of 2932	2840	Update.exe	29
PID 2840 wrote to memory of 2932	2840	Update.exe	29
PID 2840 wrote to memory of 1952	2840	Update.exe	30
PID 2840 wrote to memory of 1952	2840	Update.exe	30
PID 2840 wrote to memory of 1952	2840	Update.exe	30
PID 2840 wrote to memory of 1936	2840	Update.exe	31
PID 2840 wrote to memory of 1936	2840	Update.exe	31
PID 2840 wrote to memory of 1936	2840	Update.exe	31

C:\Users\Admin\AppData\Local\Temp\LabyModLauncherSetup-latest.exe
"C:\Users\Admin\AppData\Local\Temp\LabyModLauncherSetup-latest.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\Squirrel.exe
    "C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:2932
- - C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\LabyModLauncher.exe
    "C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\LabyModLauncher.exe" --squirrel-install 1.0.27
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1952
- - C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\LabyModLauncher.exe
    "C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\LabyModLauncher.exe" --squirrel-firstrun
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
87B

MD5
a9ab6099a55e0e4087c73e86cf762101

SHA1
4f57640bbfd81b9aa8fbbbbfb38484213026beca

SHA256
1975a67eba3bd5f8e7244f5dda5a7940b8d6809b733c498a3b3240383e001421

SHA512
3f9ab3cd80f562d4f7600063fe18528a720196817a0d39a8a69cddda4bdf1a3c5bed79479255c06c8de724ad2ce8411665986dd03bde640fdd1e82a1a0eef0b9

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
25e96e51358b63872d6baeb2b6ebba9b

SHA1
0b014fbd88c712fba2db614780f56aefdf180fc4

SHA256
ba350ce2da53b7a91bdc7275e071d5f27066e736a6232704c008160b22f710ff

SHA512
8ee93175c3b727b83df323743b89655c0ad4d9762299da9b12022ef722146b6548d14627ef6fd69e189e15f18b25aed7b02fa93895111b6979d7bb8e8cfd7fad

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
25e96e51358b63872d6baeb2b6ebba9b

SHA1
0b014fbd88c712fba2db614780f56aefdf180fc4

SHA256
ba350ce2da53b7a91bdc7275e071d5f27066e736a6232704c008160b22f710ff

SHA512
8ee93175c3b727b83df323743b89655c0ad4d9762299da9b12022ef722146b6548d14627ef6fd69e189e15f18b25aed7b02fa93895111b6979d7bb8e8cfd7fad

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
41KB

MD5
def79fef823db7584ce1844c5fb157ef

SHA1
c61ac5eba78ac34ee4568c6a85ac780add6cab4f

SHA256
dc99de97b0324cddf77f56d2f07de40108eeaac9b50bed3820958bf383e8b345

SHA512
a179663bd53c4d39bd31643a08aae2326e12bba9dd07cbfb1d5b79aa4bd64c8d4178528871df5541e4ba7cff9bcb39f63a57eb4cb0e7be6625a5bb318c75f705

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\labymodlauncher-1.0.27-full.nupkg

Filesize
103.6MB

MD5
79d86e57196d6d9ee12b9b652bbd6006

SHA1
45db2b49b96ed04647a27d62e6b5ea0798b76790

SHA256
e9cdd91caf59452688a547f74e037761e3d529d47512e55e7f26dd4bb276a7a0

SHA512
91525334bcfc1d0c67336fa5d805223ce1e890a4a24971b81662a4117df33f598d298632d5386d7b49541d7b447101c016083e7590fd39938003a811474a2d27

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
122KB

MD5
4bce15bbb0487f88efc006fd597441b7

SHA1
da5a02653245112aabfd45429c417c39fcb2f67a

SHA256
0e684d8f833fd47d4c98d4742ce46abbfdb1f4b130da4a93047df9926f189e46

SHA512
e128d96cad8d214d41b60a7ab129dbf105866fe895d206c5b77b65af04c5d83ff1be87ece9b862dc30c88faeda69cff185925d7ae7b311c5351ca664db4a3060

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\Update.exe

Filesize
1.9MB

MD5
acef3ea0d9b4607de5fd144dcf377e1a

SHA1
3e52c39e2e8c8e3973e5fbae0caacddba7c48c81

SHA256
4190833b67352166801af8506b42ef9eefa213197810d13a06d96e810a2fda6a

SHA512
3e2293d20fbeec8220274b4deaa55b57c41088b1ff529f0ebb240374b6f3683015ba3be9f38ef86d24450225048ea36ede3f4f688ed5c1ebd7af4e313acc5137

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\LabyModLauncher.exe

Filesize
155.9MB

MD5
12a22b9ce68e9cc9b6f7d31455617611

SHA1
7fcba27ed0ec81cae80b74685dad260f6a495323

SHA256
70474ce4ad070df510b473f6a69cd6e4fa7ff2d8f8bf2adfc745243f8df09f00

SHA512
e2b24f5bb39137e34c5398ec69dfd8a11e79eafb7d9facf4b034f16494e18cc1a4045b794fb6ed4ce818067a61d967bbeba07aac10cb422649084b52e18b5a75

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\LabyModLauncher.exe

Filesize
155.9MB

MD5
12a22b9ce68e9cc9b6f7d31455617611

SHA1
7fcba27ed0ec81cae80b74685dad260f6a495323

SHA256
70474ce4ad070df510b473f6a69cd6e4fa7ff2d8f8bf2adfc745243f8df09f00

SHA512
e2b24f5bb39137e34c5398ec69dfd8a11e79eafb7d9facf4b034f16494e18cc1a4045b794fb6ed4ce818067a61d967bbeba07aac10cb422649084b52e18b5a75

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\LabyModLauncher.exe

Filesize
155.9MB

MD5
12a22b9ce68e9cc9b6f7d31455617611

SHA1
7fcba27ed0ec81cae80b74685dad260f6a495323

SHA256
70474ce4ad070df510b473f6a69cd6e4fa7ff2d8f8bf2adfc745243f8df09f00

SHA512
e2b24f5bb39137e34c5398ec69dfd8a11e79eafb7d9facf4b034f16494e18cc1a4045b794fb6ed4ce818067a61d967bbeba07aac10cb422649084b52e18b5a75

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\Squirrel.exe

Filesize
1.9MB

MD5
acef3ea0d9b4607de5fd144dcf377e1a

SHA1
3e52c39e2e8c8e3973e5fbae0caacddba7c48c81

SHA256
4190833b67352166801af8506b42ef9eefa213197810d13a06d96e810a2fda6a

SHA512
3e2293d20fbeec8220274b4deaa55b57c41088b1ff529f0ebb240374b6f3683015ba3be9f38ef86d24450225048ea36ede3f4f688ed5c1ebd7af4e313acc5137

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\ffmpeg.dll

Filesize
2.8MB

MD5
33f457edb7b641950011073393ed82bf

SHA1
e735599eeffb9e7e887f9c033fc03e0d507b2e45

SHA256
dc7c1f7d616bfcc014062e50a0501b0984639147f099aa10ac7f7f245787c84c

SHA512
677bb9b19c8b10909217fd839ff264604b035afe5aeffa6e9392759d320538f00f6b44698267fa7be45c7f6515ad46f5b04e8b6767a2424da726b05feed1be17

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\resources\i18n\uk-UA.json

Filesize
4B

MD5
c443b04d0fc26b0a5a4573a78e0082a1

SHA1
3c957535345645dce7190b85eb10b39da96b2518

SHA256
e3566b3a06430868d71e9287dfd6c6c520a3da027aabea01951d407ee131dc2f

SHA512
7bbf6dac485c9e59d02edabc91ff5b15bc1319cef6905c0077ee16e3b1f572b61bff85f2400bc0f5b4aeab0260bd5d68787d72c7a688d79192952f7957a44de3

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\squirrel.exe

Filesize
1.9MB

MD5
acef3ea0d9b4607de5fd144dcf377e1a

SHA1
3e52c39e2e8c8e3973e5fbae0caacddba7c48c81

SHA256
4190833b67352166801af8506b42ef9eefa213197810d13a06d96e810a2fda6a

SHA512
3e2293d20fbeec8220274b4deaa55b57c41088b1ff529f0ebb240374b6f3683015ba3be9f38ef86d24450225048ea36ede3f4f688ed5c1ebd7af4e313acc5137

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\packages\RELEASES

Filesize
87B

MD5
a9ab6099a55e0e4087c73e86cf762101

SHA1
4f57640bbfd81b9aa8fbbbbfb38484213026beca

SHA256
1975a67eba3bd5f8e7244f5dda5a7940b8d6809b733c498a3b3240383e001421

SHA512
3f9ab3cd80f562d4f7600063fe18528a720196817a0d39a8a69cddda4bdf1a3c5bed79479255c06c8de724ad2ce8411665986dd03bde640fdd1e82a1a0eef0b9

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\packages\labymodlauncher-1.0.27-full.nupkg

Filesize
103.6MB

MD5
79d86e57196d6d9ee12b9b652bbd6006

SHA1
45db2b49b96ed04647a27d62e6b5ea0798b76790

SHA256
e9cdd91caf59452688a547f74e037761e3d529d47512e55e7f26dd4bb276a7a0

SHA512
91525334bcfc1d0c67336fa5d805223ce1e890a4a24971b81662a4117df33f598d298632d5386d7b49541d7b447101c016083e7590fd39938003a811474a2d27

Download Submit
\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
25e96e51358b63872d6baeb2b6ebba9b

SHA1
0b014fbd88c712fba2db614780f56aefdf180fc4

SHA256
ba350ce2da53b7a91bdc7275e071d5f27066e736a6232704c008160b22f710ff

SHA512
8ee93175c3b727b83df323743b89655c0ad4d9762299da9b12022ef722146b6548d14627ef6fd69e189e15f18b25aed7b02fa93895111b6979d7bb8e8cfd7fad

Download Submit
\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\LabyModLauncher.exe

Filesize
155.9MB

MD5
12a22b9ce68e9cc9b6f7d31455617611

SHA1
7fcba27ed0ec81cae80b74685dad260f6a495323

SHA256
70474ce4ad070df510b473f6a69cd6e4fa7ff2d8f8bf2adfc745243f8df09f00

SHA512
e2b24f5bb39137e34c5398ec69dfd8a11e79eafb7d9facf4b034f16494e18cc1a4045b794fb6ed4ce818067a61d967bbeba07aac10cb422649084b52e18b5a75

Download Submit
\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\LabyModLauncher.exe

Filesize
155.9MB

MD5
12a22b9ce68e9cc9b6f7d31455617611

SHA1
7fcba27ed0ec81cae80b74685dad260f6a495323

SHA256
70474ce4ad070df510b473f6a69cd6e4fa7ff2d8f8bf2adfc745243f8df09f00

SHA512
e2b24f5bb39137e34c5398ec69dfd8a11e79eafb7d9facf4b034f16494e18cc1a4045b794fb6ed4ce818067a61d967bbeba07aac10cb422649084b52e18b5a75

Download Submit
\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\LabyModLauncher.exe

Filesize
155.9MB

MD5
12a22b9ce68e9cc9b6f7d31455617611

SHA1
7fcba27ed0ec81cae80b74685dad260f6a495323

SHA256
70474ce4ad070df510b473f6a69cd6e4fa7ff2d8f8bf2adfc745243f8df09f00

SHA512
e2b24f5bb39137e34c5398ec69dfd8a11e79eafb7d9facf4b034f16494e18cc1a4045b794fb6ed4ce818067a61d967bbeba07aac10cb422649084b52e18b5a75

Download Submit
\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\LabyModLauncher.exe

Filesize
155.9MB

MD5
12a22b9ce68e9cc9b6f7d31455617611

SHA1
7fcba27ed0ec81cae80b74685dad260f6a495323

SHA256
70474ce4ad070df510b473f6a69cd6e4fa7ff2d8f8bf2adfc745243f8df09f00

SHA512
e2b24f5bb39137e34c5398ec69dfd8a11e79eafb7d9facf4b034f16494e18cc1a4045b794fb6ed4ce818067a61d967bbeba07aac10cb422649084b52e18b5a75

Download Submit
\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\ffmpeg.dll

Filesize
2.8MB

MD5
33f457edb7b641950011073393ed82bf

SHA1
e735599eeffb9e7e887f9c033fc03e0d507b2e45

SHA256
dc7c1f7d616bfcc014062e50a0501b0984639147f099aa10ac7f7f245787c84c

SHA512
677bb9b19c8b10909217fd839ff264604b035afe5aeffa6e9392759d320538f00f6b44698267fa7be45c7f6515ad46f5b04e8b6767a2424da726b05feed1be17

Download Submit
\Users\Admin\AppData\Local\labymodlauncher\app-1.0.27\ffmpeg.dll

Filesize
2.8MB

MD5
33f457edb7b641950011073393ed82bf

SHA1
e735599eeffb9e7e887f9c033fc03e0d507b2e45

SHA256
dc7c1f7d616bfcc014062e50a0501b0984639147f099aa10ac7f7f245787c84c

SHA512
677bb9b19c8b10909217fd839ff264604b035afe5aeffa6e9392759d320538f00f6b44698267fa7be45c7f6515ad46f5b04e8b6767a2424da726b05feed1be17

Download Submit
memory/2840-68-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

Filesize
9.9MB

Download
memory/2840-147-0x0000000000D40000-0x0000000000DC0000-memory.dmp

Filesize
512KB

Download
memory/2840-12-0x0000000000D40000-0x0000000000DC0000-memory.dmp

Filesize
512KB

Download
memory/2840-10-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

Filesize
9.9MB

Download
memory/2840-148-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download
memory/2840-191-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

Filesize
9.9MB

Download
memory/2840-9-0x00000000010D0000-0x00000000012A6000-memory.dmp

Filesize
1.8MB

Download
memory/2932-164-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

Filesize
9.9MB

Download
memory/2932-163-0x0000000000010000-0x0000000000204000-memory.dmp

Filesize
2.0MB

Download
memory/2932-195-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

Filesize
9.9MB

Download