a7c997ba3c3e91c048f80f96f08754948428f6d3fe4001bab79c4ae09d06c5e0

Analysis

max time kernel
133s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LegacyLauncher_Installer_legacy.exe
Size

112.3MB
MD5

53eea8664d54198e1989301b12f795da
SHA1

00bddca8bba387a76d6f18fc942859acf9ff5a60
SHA256

a7c997ba3c3e91c048f80f96f08754948428f6d3fe4001bab79c4ae09d06c5e0
SHA512

e05bd2e369b19b818f715a14ceb2c35b2f8409e5524d347d3093ef82667675bf719af17ab77412156aa62748aa17572d622b163bb6d187d917282f49e56ff831
SSDEEP

3145728:kNS0yY1k/bQS8yJQZI3XeKBPKi2O3hE4AGzUVeQgnFV:koqcQ+3XHD2OxEfPQQgnFV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3632	LegacyLauncher_Installer_legacy.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp
3632	LegacyLauncher_Installer_legacy.tmp

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 3632	3608	LegacyLauncher_Installer_legacy.exe	87
PID 3608 wrote to memory of 3632	3608	LegacyLauncher_Installer_legacy.exe	87
PID 3608 wrote to memory of 3632	3608	LegacyLauncher_Installer_legacy.exe	87
PID 3924 wrote to memory of 1280	3924	msedge.exe	117
PID 3924 wrote to memory of 1280	3924	msedge.exe	117
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 4436	3924	msedge.exe	118
PID 3924 wrote to memory of 2044	3924	msedge.exe	119
PID 3924 wrote to memory of 2044	3924	msedge.exe	119
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120
PID 3924 wrote to memory of 3856	3924	msedge.exe	120

C:\Users\Admin\AppData\Local\Temp\LegacyLauncher_Installer_legacy.exe
"C:\Users\Admin\AppData\Local\Temp\LegacyLauncher_Installer_legacy.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Users\Admin\AppData\Local\Temp\is-MJ6K5.tmp\LegacyLauncher_Installer_legacy.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-MJ6K5.tmp\LegacyLauncher_Installer_legacy.tmp" /SL5="$210022,115841256,1202688,C:\Users\Admin\AppData\Local\Temp\LegacyLauncher_Installer_legacy.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultf6b6f9cdhffedh4716hae8fhaceb7131318c
1⤵
- Suspicious use of WriteProcessMemory
PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff9d1d46f8,0x7fff9d1d4708,0x7fff9d1d4718
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,10717640339665518229,15722436436426974244,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,10717640339665518229,15722436436426974244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,10717640339665518229,15722436436426974244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
11fa4a34f93dd53e1f060a99c1a843e2

SHA1
1c83e4ffeb24805e831a32dfb014f3c7284df129

SHA256
29e0c72b6cb6376c2234fdffac9f6585cee7c09653047e16912c67589344ba6c

SHA512
ae25fa3998acade03c8c6394c52b8cdabfc933990535c0a5fc6ddd0f0d01570fc47c0b4932b5133533d27a421bc2a8999fe093b652e7ffd69a02fbead84cb6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
f92f92eb927e4cb686d9b3f54f6145ff

SHA1
d5488b23c98602a12d19561ebe68662f8ff96c0c

SHA256
6fc71452c27a2a042b501b4bfc41e65f36c8c44ebc7949cc7579a093f6f9a20a

SHA512
ca7a95a390d9a1c0be9a85207268000b4a49df8d877dfbfbae8abea4cbd342be6c69017a20a4980e956528d9893015298c50a1759aefee2cb19602d390378a5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MJ6K5.tmp\LegacyLauncher_Installer_legacy.tmp

Filesize
3.4MB

MD5
07b96c2d1823a0a548832c1062799d85

SHA1
65a35826b0e6d93700256fd8a4710cc039bd7b8d

SHA256
c5ba29e4c82fca9adfcd3a6b60b3bf786abe7178928f80cb60eca3564e35b3de

SHA512
abf2ba63976bd6622f3a1cda816c8f2267b59c079d6092ff60e7f52be893a993e3b457a174092c74056628e9694fa9efc8d823d14b4d658a9eb59c622d992f65

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MJ6K5.tmp\LegacyLauncher_Installer_legacy.tmp

Filesize
3.4MB

MD5
07b96c2d1823a0a548832c1062799d85

SHA1
65a35826b0e6d93700256fd8a4710cc039bd7b8d

SHA256
c5ba29e4c82fca9adfcd3a6b60b3bf786abe7178928f80cb60eca3564e35b3de

SHA512
abf2ba63976bd6622f3a1cda816c8f2267b59c079d6092ff60e7f52be893a993e3b457a174092c74056628e9694fa9efc8d823d14b4d658a9eb59c622d992f65

Download Submit
memory/3608-1-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/3608-9-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/3608-25-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/3632-7-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

Filesize
4KB

Download
memory/3632-24-0x0000000000400000-0x0000000000776000-memory.dmp

Filesize
3.5MB

Download
memory/3632-19-0x0000000000400000-0x0000000000776000-memory.dmp

Filesize
3.5MB

Download
memory/3632-11-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

Filesize
4KB

Download
memory/3632-10-0x0000000000400000-0x0000000000776000-memory.dmp

Filesize
3.5MB

Download