Overview

overview

7

Static

static

3

TLauncher-...ta.exe

windows7-x64

1

TLauncher-...ta.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    39s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    05/11/2023, 12:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-1.972_beta.exe

  • Size

    2.1MB

  • MD5

    dc67bf850117f190a530cdd604153149

  • SHA1

    8a7c40e271eeaedfea2b2f53f4bd868b2252ffe0

  • SHA256

    f2450f53d02d27db04f49270432aa47a7fed6942560202ef1602fc37d6d2ef61

  • SHA512

    541be7b339a3395604dae2f8307f8df962da8a70bf3e5e957518f687baebd03684d5da818344290a8fb192f21b68eb278dba7cfae8bd9d53e8b3280e64717582

  • SSDEEP

    49152:DKmKYmflezIh0FZoxRTWRu9do59A5IE7Fe3I1gRx7:DKmPmfh0Lo3Ku9cT5j

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-1.972_beta.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-1.972_beta.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\TLauncher-1.972_beta.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:2328
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2772.0.625186475\382546133" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae5d161e-098b-4449-8d1c-940a3fc10066} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" 1284 100f8c58 gpu
        3⤵
          PID:2544
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2772.1.1644339373\1107851258" -parentBuildID 20221007134813 -prefsHandle 1460 -prefMapHandle 1456 -prefsLen 21019 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bef810e2-c09d-48a5-869d-c2571cd73ec4} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" 1472 d6fb58 socket
          3⤵
            PID:1976
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2772.2.1948469064\1599915950" -childID 1 -isForBrowser -prefsHandle 2084 -prefMapHandle 1780 -prefsLen 21057 -prefMapSize 232675 -jsInitHandle 628 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0211b110-bf99-498b-9f51-148b7612f0e3} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" 2096 19aaa558 tab
            3⤵
              PID:612
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2772.4.1913287917\1743939819" -childID 3 -isForBrowser -prefsHandle 2784 -prefMapHandle 2780 -prefsLen 26482 -prefMapSize 232675 -jsInitHandle 628 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {330a5ffc-99b7-4444-8ce4-46a08db7a813} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" 2796 1ba55e58 tab
              3⤵
                PID:1908
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2772.3.1092218352\643788528" -childID 2 -isForBrowser -prefsHandle 2460 -prefMapHandle 2452 -prefsLen 26482 -prefMapSize 232675 -jsInitHandle 628 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaa43866-428f-4050-9155-0253d866416b} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" 2472 181af758 tab
                3⤵
                  PID:1900

            Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • memory/1052-0-0x0000000000400000-0x0000000000417000-memory.dmp

                    Filesize

                    92KB

                    Download

                  • memory/2328-8-0x00000000022D0000-0x00000000052D0000-memory.dmp

                    Filesize

                    48.0MB

                    Download

                  • memory/2328-12-0x0000000000210000-0x0000000000211000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2328-13-0x0000000000210000-0x0000000000211000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2328-16-0x0000000000210000-0x0000000000211000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2328-22-0x0000000000280000-0x000000000028A000-memory.dmp

                    Filesize

                    40KB

                    Download

                  • memory/2328-27-0x0000000000280000-0x000000000028A000-memory.dmp

                    Filesize

                    40KB

                    Download

                  • memory/2328-31-0x0000000000210000-0x0000000000211000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2328-32-0x0000000000210000-0x0000000000211000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2328-41-0x0000000000210000-0x0000000000211000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2328-57-0x00000000022D0000-0x00000000052D0000-memory.dmp

                    Filesize

                    48.0MB

                    Download

                  • memory/2328-59-0x0000000000280000-0x000000000028A000-memory.dmp

                    Filesize

                    40KB

                    Download

                  • memory/2328-60-0x0000000000280000-0x000000000028A000-memory.dmp

                    Filesize

                    40KB

                    Download