Resubmissions
05-10-2024 21:24
241005-z9agrstapj 803-09-2023 03:11
230903-dpwcvagb5v 703-09-2023 03:06
230903-dl6peagb41 703-09-2023 02:48
230903-daplragd86 803-09-2023 02:45
230903-c8vpzsga9x 828-05-2023 20:42
230528-zg5gfaha3t 803-05-2023 06:50
230503-hlye9adh28 1003-05-2023 06:42
230503-hgglyaff81 8Analysis
-
max time kernel
142s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
03-09-2023 02:48
Static task
static1
Behavioral task
behavioral1
Sample
TLauncher-2.879-Installer-1.1.1.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
TLauncher-2.879-Installer-1.1.1.exe
Resource
win10v2004-20230831-en
General
-
Target
TLauncher-2.879-Installer-1.1.1.exe
-
Size
22.6MB
-
MD5
c4ceda8c435298d23cc40a842f426d61
-
SHA1
c7337094f09852b00a815950e96f3292295e9e15
-
SHA256
e132be19bc7ae8a96d3d620710fa26b614e022abecccc161ad733eff732afcd6
-
SHA512
25e74422d3b7adeb0cc805bbe41298d4e0fcf984b038c63a3a4faeea16e10a18f113c9a7d946e16f377ad9e3a5ca0a6425d7650b62c1e5db9ee2299e9921f52b
-
SSDEEP
393216:LXfgqusAgbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENq3:LvtDpsHExi73qqHpg+Vvc+Amc
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1856 irsetup.exe -
Loads dropped DLL 7 IoCs
pid Process 752 TLauncher-2.879-Installer-1.1.1.exe 752 TLauncher-2.879-Installer-1.1.1.exe 752 TLauncher-2.879-Installer-1.1.1.exe 752 TLauncher-2.879-Installer-1.1.1.exe 1856 irsetup.exe 1856 irsetup.exe 1856 irsetup.exe -
resource yara_rule behavioral1/files/0x0009000000012272-3.dat upx behavioral1/memory/752-6-0x0000000002DA0000-0x0000000003188000-memory.dmp upx behavioral1/files/0x0009000000012272-7.dat upx behavioral1/files/0x0009000000012272-8.dat upx behavioral1/files/0x0009000000012272-13.dat upx behavioral1/files/0x0009000000012272-11.dat upx behavioral1/files/0x0009000000012272-16.dat upx behavioral1/memory/1856-17-0x0000000000E60000-0x0000000001248000-memory.dmp upx behavioral1/files/0x0009000000012272-20.dat upx behavioral1/memory/1856-334-0x0000000000E60000-0x0000000001248000-memory.dmp upx behavioral1/memory/1856-343-0x0000000000E60000-0x0000000001248000-memory.dmp upx -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main irsetup.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 1856 irsetup.exe 1856 irsetup.exe 1856 irsetup.exe 1856 irsetup.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 752 wrote to memory of 1856 752 TLauncher-2.879-Installer-1.1.1.exe 28 PID 752 wrote to memory of 1856 752 TLauncher-2.879-Installer-1.1.1.exe 28 PID 752 wrote to memory of 1856 752 TLauncher-2.879-Installer-1.1.1.exe 28 PID 752 wrote to memory of 1856 752 TLauncher-2.879-Installer-1.1.1.exe 28 PID 752 wrote to memory of 1856 752 TLauncher-2.879-Installer-1.1.1.exe 28 PID 752 wrote to memory of 1856 752 TLauncher-2.879-Installer-1.1.1.exe 28 PID 752 wrote to memory of 1856 752 TLauncher-2.879-Installer-1.1.1.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1.exe"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:752 -
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1.exe" "__IRCT:3" "__IRTSS:23652314" "__IRSID:S-1-5-21-2180306848-1874213455-4093218721-1000"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1856
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
116KB
MD5e043a9cb014d641a56f50f9d9ac9a1b9
SHA161dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA2569dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA5124ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f
-
Filesize
1.8MB
MD58d26aecef0a7bdac2b104454d3ba1a87
SHA150c29c58dfece62d94ed01cb5b3d070e593dc9cf
SHA256e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c
SHA5120daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475
-
Filesize
1.3MB
MD50913b4c43b4a1c301353197c30e01f4f
SHA1245c343a7bb339d402ff8e9d442389a4f3dfc3a8
SHA256238d15cbb1a929fe19f4558c44fbc67d5d6b9a3176fd9d880345ae0174a8d87c
SHA5129d2da27264af71d7d1b9a3eac36e9b413041836de2559899d384a76b888cd495703a306c384752047bc9e1da3f8ee908da7218a58cfd9af1f81b51be4b27321f
-
Filesize
1.3MB
MD50913b4c43b4a1c301353197c30e01f4f
SHA1245c343a7bb339d402ff8e9d442389a4f3dfc3a8
SHA256238d15cbb1a929fe19f4558c44fbc67d5d6b9a3176fd9d880345ae0174a8d87c
SHA5129d2da27264af71d7d1b9a3eac36e9b413041836de2559899d384a76b888cd495703a306c384752047bc9e1da3f8ee908da7218a58cfd9af1f81b51be4b27321f
-
Filesize
1.3MB
MD50913b4c43b4a1c301353197c30e01f4f
SHA1245c343a7bb339d402ff8e9d442389a4f3dfc3a8
SHA256238d15cbb1a929fe19f4558c44fbc67d5d6b9a3176fd9d880345ae0174a8d87c
SHA5129d2da27264af71d7d1b9a3eac36e9b413041836de2559899d384a76b888cd495703a306c384752047bc9e1da3f8ee908da7218a58cfd9af1f81b51be4b27321f
-
Filesize
326KB
MD580d93d38badecdd2b134fe4699721223
SHA1e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA5129f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4
-
Filesize
1.7MB
MD51bbf5dd0b6ca80e4c7c77495c3f33083
SHA1e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA51297bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab
-
Filesize
97KB
MD5da1d0cd400e0b6ad6415fd4d90f69666
SHA1de9083d2902906cacf57259cf581b1466400b799
SHA2567a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a
-
Filesize
1.3MB
MD50913b4c43b4a1c301353197c30e01f4f
SHA1245c343a7bb339d402ff8e9d442389a4f3dfc3a8
SHA256238d15cbb1a929fe19f4558c44fbc67d5d6b9a3176fd9d880345ae0174a8d87c
SHA5129d2da27264af71d7d1b9a3eac36e9b413041836de2559899d384a76b888cd495703a306c384752047bc9e1da3f8ee908da7218a58cfd9af1f81b51be4b27321f
-
Filesize
1.3MB
MD50913b4c43b4a1c301353197c30e01f4f
SHA1245c343a7bb339d402ff8e9d442389a4f3dfc3a8
SHA256238d15cbb1a929fe19f4558c44fbc67d5d6b9a3176fd9d880345ae0174a8d87c
SHA5129d2da27264af71d7d1b9a3eac36e9b413041836de2559899d384a76b888cd495703a306c384752047bc9e1da3f8ee908da7218a58cfd9af1f81b51be4b27321f
-
Filesize
1.3MB
MD50913b4c43b4a1c301353197c30e01f4f
SHA1245c343a7bb339d402ff8e9d442389a4f3dfc3a8
SHA256238d15cbb1a929fe19f4558c44fbc67d5d6b9a3176fd9d880345ae0174a8d87c
SHA5129d2da27264af71d7d1b9a3eac36e9b413041836de2559899d384a76b888cd495703a306c384752047bc9e1da3f8ee908da7218a58cfd9af1f81b51be4b27321f
-
Filesize
1.3MB
MD50913b4c43b4a1c301353197c30e01f4f
SHA1245c343a7bb339d402ff8e9d442389a4f3dfc3a8
SHA256238d15cbb1a929fe19f4558c44fbc67d5d6b9a3176fd9d880345ae0174a8d87c
SHA5129d2da27264af71d7d1b9a3eac36e9b413041836de2559899d384a76b888cd495703a306c384752047bc9e1da3f8ee908da7218a58cfd9af1f81b51be4b27321f
-
Filesize
326KB
MD580d93d38badecdd2b134fe4699721223
SHA1e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA5129f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4