Overview

overview

6

Static

static

3

MCLauncher.exe

windows7-x64

1

MCLauncher.exe

windows10-2004-x64

6

Newtonsoft.Json.dll

windows7-x64

1

Newtonsoft.Json.dll

windows10-2004-x64

1

WUTokenHelper.dll

windows7-x64

1

WUTokenHelper.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    164s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 01:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    MCLauncher.exe

  • Size

    66KB

  • MD5

    08fac357f1d1afb27d750ad5ed9ce31a

  • SHA1

    1f26aed62282c329c6218c546b83836c9a7c961c

  • SHA256

    9f280bf64706e52cb401c884e6a2252a796de7eaf3b3a890c5eb6fb020c0eaf9

  • SHA512

    b902ef4670e202c0991b091773f1e2099d2bdcbdb615b7810056e2704b60cabcc9a506ac32dbfa47f394f36e69a617705046381b53e6fd69b132952db987e6ed

  • SSDEEP

    1536:3qlyVWbtCA4XwCnD1ukCauXlVc+g1S8pE+sECyePfHBTlkwVcl:6lyVWbtCA4XwCnD1ukCaqMh1ZpE+sEjj

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MCLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\MCLauncher.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4928

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4928-0-0x000002260B7E0000-0x000002260B7F4000-memory.dmp

          Filesize

          80KB

          Download

        • memory/4928-1-0x00007FFA59D70000-0x00007FFA5A831000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4928-2-0x00000226275A0000-0x00000226275B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4928-3-0x0000022627760000-0x000002262780A000-memory.dmp

          Filesize

          680KB

          Download

        • memory/4928-4-0x00000226275A0000-0x00000226275B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4928-5-0x0000022627500000-0x0000022627522000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4928-7-0x0000022627590000-0x0000022627598000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4928-8-0x00000226275A0000-0x00000226275B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4928-10-0x00000226276E0000-0x00000226276EE000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4928-9-0x000002262A850000-0x000002262A888000-memory.dmp

          Filesize

          224KB

          Download

        • memory/4928-11-0x0000022627710000-0x0000022627718000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4928-13-0x00007FFA59D70000-0x00007FFA5A831000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4928-14-0x00000226275A0000-0x00000226275B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4928-15-0x00000226275A0000-0x00000226275B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4928-16-0x00000226275A0000-0x00000226275B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4928-17-0x00000226275A0000-0x00000226275B0000-memory.dmp

          Filesize

          64KB

          Download