f1b132f7ecf06d2aa1dd007fc7736166af3ee7c177c91587ae43930c65e531e0

Analysis

max time kernel
1s
max time network
148s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03/01/2024, 22:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.885-Installer-1.1.3.exe
Size

22.6MB
MD5

bd3eefe3f5a4bb0c948251a5d05727e7
SHA1

b18722304d297aa384a024444aadd4e5f54a115e
SHA256

f1b132f7ecf06d2aa1dd007fc7736166af3ee7c177c91587ae43930c65e531e0
SHA512

d7df966eeda90bf074249ba983aac4ba32a7f09fe4bb6d95811951df08f24e55e01c790ffebc3bc50ce7b1c501ff562f0de5e01ca340c8596881f69f8fed932d
SSDEEP

393216:KXGWOLBh2NPfs/dQETVlOBbpFEjdGphRqV56HpkoaH3D8P2Q6YS6x9DOc:K2/BhSHExi73qqHpu34kYbzOc

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2176	irsetup.exe

Loads dropped DLL 7 IoCs

pid	Process
2724	TLauncher-2.885-Installer-1.1.3.exe
2724	TLauncher-2.885-Installer-1.1.3.exe
2724	TLauncher-2.885-Installer-1.1.3.exe
2724	TLauncher-2.885-Installer-1.1.3.exe
2176	irsetup.exe
2176	irsetup.exe
2176	irsetup.exe

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c000000013ac5-3.dat	upx
behavioral1/memory/2176-20-0x0000000000E30000-0x0000000001218000-memory.dmp	upx
behavioral1/files/0x000c000000013ac5-12.dat	upx
behavioral1/files/0x000c000000013ac5-10.dat	upx
behavioral1/files/0x000c000000013ac5-7.dat	upx
behavioral1/files/0x000c000000013ac5-6.dat	upx
behavioral1/memory/2176-348-0x0000000000E30000-0x0000000001218000-memory.dmp	upx
behavioral1/memory/2176-352-0x0000000000E30000-0x0000000001218000-memory.dmp	upx
behavioral1/memory/2176-385-0x0000000000E30000-0x0000000001218000-memory.dmp	upx
behavioral1/files/0x000c000000013ac5-391.dat	upx
behavioral1/memory/2768-436-0x0000000003470000-0x0000000003858000-memory.dmp	upx
behavioral1/memory/1684-447-0x00000000001E0000-0x00000000005C8000-memory.dmp	upx
behavioral1/memory/2176-449-0x0000000000E30000-0x0000000001218000-memory.dmp	upx
behavioral1/memory/1684-1340-0x00000000001E0000-0x00000000005C8000-memory.dmp	upx
behavioral1/memory/2176-1338-0x0000000000E30000-0x0000000001218000-memory.dmp	upx
behavioral1/memory/1684-1357-0x00000000001E0000-0x00000000005C8000-memory.dmp	upx
behavioral1/memory/2176-1359-0x0000000000E30000-0x0000000001218000-memory.dmp	upx
behavioral1/memory/2176-1361-0x0000000000E30000-0x0000000001218000-memory.dmp	upx
behavioral1/memory/2176-1368-0x0000000000E30000-0x0000000001218000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2176	irsetup.exe
2176	irsetup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2176	2724	TLauncher-2.885-Installer-1.1.3.exe	19
PID 2724 wrote to memory of 2176	2724	TLauncher-2.885-Installer-1.1.3.exe	19
PID 2724 wrote to memory of 2176	2724	TLauncher-2.885-Installer-1.1.3.exe	19
PID 2724 wrote to memory of 2176	2724	TLauncher-2.885-Installer-1.1.3.exe	19
PID 2724 wrote to memory of 2176	2724	TLauncher-2.885-Installer-1.1.3.exe	19
PID 2724 wrote to memory of 2176	2724	TLauncher-2.885-Installer-1.1.3.exe	19
PID 2724 wrote to memory of 2176	2724	TLauncher-2.885-Installer-1.1.3.exe	19

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.885-Installer-1.1.3.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.885-Installer-1.1.3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.885-Installer-1.1.3.exe" "__IRCT:3" "__IRTSS:23661420" "__IRSID:S-1-5-21-3470981204-343661084-3367201002-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2176
- - C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1841988" "__IRSID:S-1-5-21-3470981204-343661084-3367201002-1000"
      4⤵
      PID:1684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

Filesize
93KB

MD5
070bfd645acb6bb7044d911bb317d879

SHA1
32c36b314b84d7223b573650850f88f8c3e52957

SHA256
4a946a4fe1205521a79ad2736a05665a0ed25cd066e03f168944a5b6cba37da9

SHA512
3ab31e1446c7b8a9b90b62382b7f3e1cb302a1396519c89428c8e6b8fbef9553b7baa39457abd89b1967a2d5df72daf4e6a0fff1c9fca0e08fa395ab2b839d39

Download Submit
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

Filesize
92KB

MD5
6cb98d59b0523d33205a8a217d4bd48d

SHA1
dca1a5ac9c9faf99de1ef63961e7dcdbb2c3d14f

SHA256
422857040fc4e5afef5a0597a0a099af318ac758759bac4ac47cef2b22e57741

SHA512
9c29e0e3baefbb2f5286eadaea8ff99c20dd1a9afee23e949f34216744d89d63a31fdab6d9b5a0365fc0915b314d87f2052ead340b98cb26ae676e49292bf09a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
382KB

MD5
8d2b13800a7efea206eb52efaf4373d1

SHA1
733459c1386d6423d91e33a43e0ea83c95df2b68

SHA256
61d15c4ce6d449e21faad57984080a382065cab4d748dee75b1f816a83792202

SHA512
dfd904ca690ec95e6d6e8de2ae2ae6e2309bc9bd3a79ea1d63a1c6244ba12c31b571749d331a521c7aba8b283698c732fdde5bb06df65a19070d5621206befaa

Download Submit
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

Filesize
834KB

MD5
0ef7df1907bf299f1119391b86ede979

SHA1
67ed11a794af69ddcb8f50ed330a7dce257a0aaa

SHA256
702f9ca8881b0eb25e5dd8535232c2600a7e8f670abf273443148844ef6fe809

SHA512
12a87157e51808eb7b2ed38d714398870c482d279cecd7f0325cb8cf10c5b9341a7c98ac3fc0fd9119f1a5d92e63efe6a826c2eba1e64808f853ed121b72b4b7

Download Submit
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

Filesize
143KB

MD5
0350fbb1def3f51bf146fb689e9b2472

SHA1
3b98dfdc23324fedbe08fe90e013ace968d6bf69

SHA256
45c8ef6cebcd7ad2e28f9f8e0143f4f11ea68537b4cd8a2f79821ba71f60baaa

SHA512
24d16f89e99a0b959320a97723fd1635135a191b2db12d5c071f85f557c2f323acfe13a51b9b97936d03a5098be4749a6d5c69cd82c9788ea58b9bc268fafe6d

Download Submit
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

Filesize
1.1MB

MD5
7e921f1f49b12d43041ba93867da476c

SHA1
a4a60d08d3b3288baafd84b5f8759b5c997f1cf0

SHA256
0537dfed4e0a41e2ebc1cecbe87a2e4094a09632c09145b547f31a8c25f733e5

SHA512
ead1d0b6d5372ac9aead74b4bbe77f28d36a54b57bfda49aadb13fad47ba38ebf257396cb7b412eebd8a2fb18cf98580a09a18ae6e914fc67aa3f95d010a1202

Download Submit
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

Filesize
137KB

MD5
0b79d8b6ff6620e4acd289e6ed541822

SHA1
c3b063b28bed8c37055f596e6c7919bf8b767a43

SHA256
7b7b2394bd6b055a12b7ded0f9a76d6704333dbd54793edce2e611baf47d65fa

SHA512
47dbe969ceeb555d1dc34271b99b20109fb827de69e1dc21f92872479208e5e43d66bd2fe8115b9df2240830d4c74dbf8749f63ddfa37129f9fd751d53ab339f

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
92KB

MD5
f39eafabc3089c0ba61f1526de9277a1

SHA1
2165691ddee7d760a9a16c6994fb77a7cdfdc5e7

SHA256
096fb51ff4ee37f2ebe465494f9b1207528f71f1781b318fe190d7d530269eaf

SHA512
9544f7323b8eab52ab27f81b1f770a4bcc3f54035696116b4daadecdcf33a7f82e478271ccdf537cb0dd6fff191546ff0c29a44429f6af47842b621b54cee5cc

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.1MB

MD5
71e66396e19af7404bd893c10a171cc2

SHA1
62cb69c24e036e95d6033aa7fa56a7305b8c3da4

SHA256
98423adf69fb6b89374fcb551065eb6cd0055bfdf30dca07f3526aa23dc53757

SHA512
803f1af66177a7477ff464812305e2e00ca8e332476eeffb35fc414a0dc705fd5ef48bb3a7412bf7d9b6087cd9886da6679d2190358e7c928ff0746aa20a76f8

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
832KB

MD5
7cc2eefc7fa813d42cb5b03acd697313

SHA1
f25ca2bdc746fe7cca357c881c7e2aaa6099b7cb

SHA256
ed88230ca3629bf81c3c8dea7a99e3bb0080da69c7b7eaf185acc589092fe0a3

SHA512
e69051fa82c0cb26b22e1e11a76bcbecb283eab54fd979eff92ef813a7e4f27681fff1813d0bfb78ae506a731611255cb3d005970f9e8f8181bbc55e73b46dfe

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
381KB

MD5
d5ac3ac00d8bba81934b60f06bb2b4fa

SHA1
da119def6a6c3dd9a720a5f194ef91b11086e252

SHA256
af57e1cdd184872cd8f7125896385d4a30735e1b644f865a3645bbe385fe37dc

SHA512
60dd960574153d2fa6aba9dd2fca226c1deb914b3e8482c7088814cf4b84ed3c0a14a5a6f6bee097814ff99981862f56471c65ab020c9f118c03c1a8031018d2

Download Submit
memory/1684-447-0x00000000001E0000-0x00000000005C8000-memory.dmp

Filesize
3.9MB

Download
memory/1684-1340-0x00000000001E0000-0x00000000005C8000-memory.dmp

Filesize
3.9MB

Download
memory/1684-1357-0x00000000001E0000-0x00000000005C8000-memory.dmp

Filesize
3.9MB

Download
memory/2176-403-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/2176-20-0x0000000000E30000-0x0000000001218000-memory.dmp

Filesize
3.9MB

Download
memory/2176-386-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2176-352-0x0000000000E30000-0x0000000001218000-memory.dmp

Filesize
3.9MB

Download
memory/2176-351-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2176-349-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2176-348-0x0000000000E30000-0x0000000001218000-memory.dmp

Filesize
3.9MB

Download
memory/2176-307-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2176-309-0x00000000003D0000-0x00000000003D3000-memory.dmp

Filesize
12KB

Download
memory/2176-1368-0x0000000000E30000-0x0000000001218000-memory.dmp

Filesize
3.9MB

Download
memory/2176-1361-0x0000000000E30000-0x0000000001218000-memory.dmp

Filesize
3.9MB

Download
memory/2176-1359-0x0000000000E30000-0x0000000001218000-memory.dmp

Filesize
3.9MB

Download
memory/2176-1358-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/2176-1338-0x0000000000E30000-0x0000000001218000-memory.dmp

Filesize
3.9MB

Download
memory/2176-1339-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2176-449-0x0000000000E30000-0x0000000001218000-memory.dmp

Filesize
3.9MB

Download
memory/2176-385-0x0000000000E30000-0x0000000001218000-memory.dmp

Filesize
3.9MB

Download
memory/2724-21-0x0000000002F10000-0x00000000032F8000-memory.dmp

Filesize
3.9MB

Download
memory/2724-17-0x0000000002F10000-0x00000000032F8000-memory.dmp

Filesize
3.9MB

Download
memory/2724-18-0x0000000002F10000-0x00000000032F8000-memory.dmp

Filesize
3.9MB

Download
memory/2768-443-0x0000000003470000-0x0000000003858000-memory.dmp

Filesize
3.9MB

Download
memory/2768-448-0x0000000003470000-0x0000000003858000-memory.dmp

Filesize
3.9MB

Download
memory/2768-446-0x0000000003470000-0x0000000003858000-memory.dmp

Filesize
3.9MB

Download
memory/2768-436-0x0000000003470000-0x0000000003858000-memory.dmp

Filesize
3.9MB

Download