Overview

overview

3

Static

static

3

Launcher.exe

windows7-x64

1

Launcher.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2023, 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Launcher.exe

  • Size

    33.2MB

  • MD5

    277c0a3b42869e991a7aa19d99cccc11

  • SHA1

    273c3de99fd2902e368fd769777b402e5f2cfa28

  • SHA256

    f7906c12248e662d853d134cad647cefd00530af60bb5cd3fa572d34578d6174

  • SHA512

    b9ea82d17715ce712058d87eb5b292b10297bf5da245e24c52c488aa0638c04e28ba6979997433b0907d9a876ef7671c918c5c1aafc80391ddac6b8c824a6aa4

  • SSDEEP

    393216:H0y7B3Zdp1uPGiSPWw1JpkZo2iaF1UuNC:Uy7Vfp1uVS+w13F

Score
1/10

Malware Config

Signatures

  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\AppData\Local\Temp\""
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2832
    • C:\Windows\system32\taskkill.exe
      taskkill /IM powershell.exe /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2124-12-0x00000000011E0000-0x0000000003261000-memory.dmp

    Filesize

    32.5MB

    Download

  • memory/2832-4-0x000000001B0E0000-0x000000001B3C2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2832-5-0x0000000001E00000-0x0000000001E08000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2832-6-0x000007FEF5620000-0x000007FEF5FBD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2832-7-0x00000000026E0000-0x0000000002760000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2832-8-0x00000000026E0000-0x0000000002760000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2832-9-0x00000000026E0000-0x0000000002760000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2832-10-0x000007FEF5620000-0x000007FEF5FBD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2832-11-0x000007FEF5620000-0x000007FEF5FBD000-memory.dmp

    Filesize

    9.6MB

    Download