f1b132f7ecf06d2aa1dd007fc7736166af3ee7c177c91587ae43930c65e531e0

Resubmissions

01/10/2023, 15:23

231001-ssqdbsdc48 8

01/10/2023, 15:20

231001-sqwgkabf9s 7

Analysis

max time kernel
144s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2023, 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.885-Installer-1.1.3.exe
Size

22.6MB
MD5

bd3eefe3f5a4bb0c948251a5d05727e7
SHA1

b18722304d297aa384a024444aadd4e5f54a115e
SHA256

f1b132f7ecf06d2aa1dd007fc7736166af3ee7c177c91587ae43930c65e531e0
SHA512

d7df966eeda90bf074249ba983aac4ba32a7f09fe4bb6d95811951df08f24e55e01c790ffebc3bc50ce7b1c501ff562f0de5e01ca340c8596881f69f8fed932d
SSDEEP

393216:KXGWOLBh2NPfs/dQETVlOBbpFEjdGphRqV56HpkoaH3D8P2Q6YS6x9DOc:K2/BhSHExi73qqHpu34kYbzOc

Score

7^/10

discovery upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation	TLauncher-2.885-Installer-1.1.3.exe

Executes dropped EXE 1 IoCs

pid	Process
4564	irsetup.exe

Loads dropped DLL 3 IoCs

pid	Process
4564	irsetup.exe
4564	irsetup.exe
4564	irsetup.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00070000000231c8-5.dat	upx
behavioral2/files/0x00070000000231c8-10.dat	upx
behavioral2/memory/4564-11-0x0000000000990000-0x0000000000D78000-memory.dmp	upx
behavioral2/files/0x00070000000231c8-12.dat	upx
behavioral2/memory/4564-328-0x0000000000990000-0x0000000000D78000-memory.dmp	upx
behavioral2/memory/4564-329-0x0000000000990000-0x0000000000D78000-memory.dmp	upx
behavioral2/memory/4564-335-0x0000000000990000-0x0000000000D78000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4748	firefox.exe
Token: SeDebugPrivilege	4748	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4564	irsetup.exe
4564	irsetup.exe
4564	irsetup.exe
4564	irsetup.exe
4564	irsetup.exe
4564	irsetup.exe
4564	irsetup.exe
4748	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 492 wrote to memory of 4564	492	TLauncher-2.885-Installer-1.1.3.exe	86
PID 492 wrote to memory of 4564	492	TLauncher-2.885-Installer-1.1.3.exe	86
PID 492 wrote to memory of 4564	492	TLauncher-2.885-Installer-1.1.3.exe	86
PID 4620 wrote to memory of 4748	4620	firefox.exe	102
PID 4620 wrote to memory of 4748	4620	firefox.exe	102
PID 4620 wrote to memory of 4748	4620	firefox.exe	102
PID 4620 wrote to memory of 4748	4620	firefox.exe	102
PID 4620 wrote to memory of 4748	4620	firefox.exe	102
PID 4620 wrote to memory of 4748	4620	firefox.exe	102
PID 4620 wrote to memory of 4748	4620	firefox.exe	102
PID 4620 wrote to memory of 4748	4620	firefox.exe	102
PID 4620 wrote to memory of 4748	4620	firefox.exe	102
PID 4620 wrote to memory of 4748	4620	firefox.exe	102
PID 4620 wrote to memory of 4748	4620	firefox.exe	102
PID 4748 wrote to memory of 2528	4748	firefox.exe	103
PID 4748 wrote to memory of 2528	4748	firefox.exe	103
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104
PID 4748 wrote to memory of 1992	4748	firefox.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.885-Installer-1.1.3.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.885-Installer-1.1.3.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:492
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.885-Installer-1.1.3.exe" "__IRCT:3" "__IRTSS:23661420" "__IRSID:S-1-5-21-919254492-3979293997-764407192-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4564

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\7583a2c9d3f94f488f292a8d447fe2da /t 4552 /p 4564
1⤵
PID:3860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.0.1538496392\1994326387" -parentBuildID 20221007134813 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a93d3af9-cc4b-40d6-9570-8bed7b157503} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 2008 260c6cefe58 gpu
    3⤵
    PID:2528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.1.453961590\531810347" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2380 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {114c6e48-bd4e-47ff-b3f0-b204764ec3b8} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 2408 260c67e8c58 socket
    3⤵
    PID:1992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.2.1783537738\577553866" -childID 1 -isForBrowser -prefsHandle 1700 -prefMapHandle 2924 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d2e59c0-d393-4f4c-b1d8-128df89752f7} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3356 260ca9f5558 tab
    3⤵
    PID:3356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.3.815559325\815267401" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9686c8b7-cedb-495c-883b-7732c205b6c0} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3576 260cb753558 tab
    3⤵
    PID:4032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.4.350464628\910778807" -childID 3 -isForBrowser -prefsHandle 4260 -prefMapHandle 4256 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fca82a12-780d-4286-b6ef-a229c07f2950} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 4276 260cc042658 tab
    3⤵
    PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.6.1051711268\430622796" -childID 5 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ac48c7c-673e-4f02-82fc-32a34d54ad94} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5144 260cce0fe58 tab
    3⤵
    PID:2348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.7.1637752961\1670205819" -childID 6 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90585a07-4bd2-4757-bdfb-a18f5a3b127f} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5336 260cce0cb58 tab
    3⤵
    PID:4940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.5.1360228273\694693513" -childID 4 -isForBrowser -prefsHandle 4772 -prefMapHandle 4800 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fdb3155-ee4c-4942-82d1-53c15a4a7d1c} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 4804 260cc043e58 tab
    3⤵
    PID:2312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.8.1347799622\1634469462" -childID 7 -isForBrowser -prefsHandle 5900 -prefMapHandle 5896 -prefsLen 26671 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {088cdd5d-47a2-4810-8a5b-85098620279d} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5916 260cf14aa58 tab
    3⤵
    PID:3032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.9.1570107942\1063407812" -childID 8 -isForBrowser -prefsHandle 5108 -prefMapHandle 4320 -prefsLen 26671 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67b33792-5822-4b8c-bd11-7c567d38653d} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5116 260cce0f858 tab
    3⤵
    PID:5004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.10.335256021\61809084" -parentBuildID 20221007134813 -prefsHandle 4384 -prefMapHandle 4368 -prefsLen 26671 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9775647-d81c-4453-b575-25b3744c7823} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 4288 260cce6c358 rdd
    3⤵
    PID:1676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.8MB

MD5
cb50d496ae05fa1c8bfbcb3b7f910bfe

SHA1
3ec4d77b73c4d7e9858b11224314e99d082497a8

SHA256
7616c72f6659a3a2439d0452190459cd4ceb83fab2307e3e47c9604fa29d9f34

SHA512
22051de06c7e52a37ad36250aa095a8ccc0b0e1cdbfa2e9073c146e77e278cbdbe89bdb078dcfd8babf48baec1902b303ac39cc9db4114ce1516b06552dc924d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
a70accbc1f1001cbf1c4a139e4e5d7af

SHA1
138de36067af0c8f98e1f7bc4c6bea1d73bc53ab

SHA256
b000fef41ce0267255701aacc76c02159d207212c4595437077e7904b7968ca6

SHA512
46fde27847dfab38d2f6fefca31677a0d5a5ac775951fc19f1fc0b4ec56969622f0c4f036ecacc05b33854871f03232a4944f3e93a747280cac622503f5c4f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
a70accbc1f1001cbf1c4a139e4e5d7af

SHA1
138de36067af0c8f98e1f7bc4c6bea1d73bc53ab

SHA256
b000fef41ce0267255701aacc76c02159d207212c4595437077e7904b7968ca6

SHA512
46fde27847dfab38d2f6fefca31677a0d5a5ac775951fc19f1fc0b4ec56969622f0c4f036ecacc05b33854871f03232a4944f3e93a747280cac622503f5c4f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
a70accbc1f1001cbf1c4a139e4e5d7af

SHA1
138de36067af0c8f98e1f7bc4c6bea1d73bc53ab

SHA256
b000fef41ce0267255701aacc76c02159d207212c4595437077e7904b7968ca6

SHA512
46fde27847dfab38d2f6fefca31677a0d5a5ac775951fc19f1fc0b4ec56969622f0c4f036ecacc05b33854871f03232a4944f3e93a747280cac622503f5c4f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ddwqx74p.default-release\prefs-1.js

Filesize
7KB

MD5
16ae4297c5dd6b82cc3d7234ac63dd0d

SHA1
40a818896c976c75c2ca56f1ac0c0d9d1e395f82

SHA256
17a02f53ce02db7913b67580f20538693c9599021dc0c3f71cce223230574f9c

SHA512
63e411c9328dd08f89250d36140f8126b4675e2dfdcb75bbf933ea0cec9415303d5867501ee78cff1d7c9dc12c57c30d96e339e8ae2f24ecd69dd95159ef74b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ddwqx74p.default-release\prefs.js

Filesize
6KB

MD5
e6d9419ba4b2188fd1d9c8c55c814bf8

SHA1
a9f3c50daed412d6f962062935351502f3d2581b

SHA256
51ab5a678cd6c1d62ce0cd02b4251ab14b37a89cd4bf3a91f78a5834e32aa3c2

SHA512
dfb4dab63043b404cefd64cc82b09a56af992fcd08dc20799c81187f173a0faa7ff05c50a366a6722bbe9b13b0619d8e15484a1c7a1f43f0f6e73e6e84cee419

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ddwqx74p.default-release\prefs.js

Filesize
6KB

MD5
bd217ff86ed945822a8620e8014495ae

SHA1
9755b3897a11f462a7fd00c1f242664700115cdc

SHA256
ce67b1741bba8ae1f3de6f7a70f4698149d2c0719c2b36bbad83a8af47e36357

SHA512
0ead9c28873dba02d77f811791814cc23c1b7051b9202aeedc0125ad8c4f9ec4ea3cae864219572963163179d887517502a3ec697bdc312cee7f0e0bbb895b26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ddwqx74p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
326dfc4a87e2ecf98b7870d4da72b08a

SHA1
2b39d3a6cd74448be9004897709812e317da3980

SHA256
cb4f2d5ae97069d5220305aa6bdae1eb9a0c011609693d73157285bb8283aa67

SHA512
f5ccac1e0660a2a2104309aeb8ff4312264ef601a1f94b25e547440da2e155e0152e325d316cb0fb935a90058a139fa0bbf71d59af537adb3381bb7ca5fa7ba4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ddwqx74p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5a7eba19725ef2bf6bbd80470a47f371

SHA1
f9295b7990fc7c1c1731aa553d7eb6479e38e6f5

SHA256
5a4f5119416dead801469acc13ed56afb431f7bfb5e9870ce80c38709ed50a59

SHA512
c4c3ac8a4c6edbfc9e9cba03c3a9991b07a7e338ab7e1db3a08b8fbe7261f4e7f46b906d6c640cb46b386d2fd9c20a34b999cc04facdf2cc5689348a96b1352e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ddwqx74p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b17ae7fb0770ab6e6831b19e73ff647b

SHA1
27623ded78728a2fdf56f13f86ad771e0aa315c5

SHA256
534221262404558d1850c17b91d068ab12ddcf48c51cc4cbd8337e1a603385d9

SHA512
8f7bb359edb097a976d0771154e1c6fcb74da627f06c30fde0fdcfe4bec13d841a8501159e4c723c1cc3d08cf7c116b2b4e96bcaf866874b0ded60b6a2d60146

Download Submit
memory/4564-328-0x0000000000990000-0x0000000000D78000-memory.dmp

Filesize
3.9MB

Download
memory/4564-336-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4564-335-0x0000000000990000-0x0000000000D78000-memory.dmp

Filesize
3.9MB

Download
memory/4564-329-0x0000000000990000-0x0000000000D78000-memory.dmp

Filesize
3.9MB

Download
memory/4564-332-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4564-303-0x0000000006ED0000-0x0000000006ED3000-memory.dmp

Filesize
12KB

Download
memory/4564-11-0x0000000000990000-0x0000000000D78000-memory.dmp

Filesize
3.9MB

Download
memory/4564-302-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads