Overview

overview

7

Static

static

1

TLauncher-....3.exe

windows7-x64

7

TLauncher-....3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-01-2024 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.885-Installer-1.1.3.exe

  • Size

    22.6MB

  • MD5

    bd3eefe3f5a4bb0c948251a5d05727e7

  • SHA1

    b18722304d297aa384a024444aadd4e5f54a115e

  • SHA256

    f1b132f7ecf06d2aa1dd007fc7736166af3ee7c177c91587ae43930c65e531e0

  • SHA512

    d7df966eeda90bf074249ba983aac4ba32a7f09fe4bb6d95811951df08f24e55e01c790ffebc3bc50ce7b1c501ff562f0de5e01ca340c8596881f69f8fed932d

  • SSDEEP

    393216:KXGWOLBh2NPfs/dQETVlOBbpFEjdGphRqV56HpkoaH3D8P2Q6YS6x9DOc:K2/BhSHExi73qqHpu34kYbzOc

Score
7/10
discoveryupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.885-Installer-1.1.3.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.885-Installer-1.1.3.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4292
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.885-Installer-1.1.3.exe" "__IRCT:3" "__IRTSS:23661420" "__IRSID:S-1-5-21-3791175113-1062217823-1177695025-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:3384

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    99KB

    MD5

    197cf2f234799e691b2f066287900897

    SHA1

    9033bcd5b34008ecd017da273062d1782ece2ccd

    SHA256

    0f5bad7903ef1e30738838d50af716d0821733e02fe689e13fb9fbabba57a28f

    SHA512

    a75ee83a88ef7f28751dfc0859fc82d057dfb7158f2a56bb4cd84da5b83edba68d940983158d8cb269d68fb7ec79b944995b83188af5c09cf9ca4c2e2a0392f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    382KB

    MD5

    8d2b13800a7efea206eb52efaf4373d1

    SHA1

    733459c1386d6423d91e33a43e0ea83c95df2b68

    SHA256

    61d15c4ce6d449e21faad57984080a382065cab4d748dee75b1f816a83792202

    SHA512

    dfd904ca690ec95e6d6e8de2ae2ae6e2309bc9bd3a79ea1d63a1c6244ba12c31b571749d331a521c7aba8b283698c732fdde5bb06df65a19070d5621206befaa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    1024KB

    MD5

    22518ce93dd2fb91a08e2f735bba9d89

    SHA1

    861738d2266ae6c5f669f94245eeca864bb468a4

    SHA256

    baa86f30baeebf1b141ea68c71b3a85f71935e4dc7d597a514929958c1bf8ce4

    SHA512

    8facdcd3cc486d86c0ee36b6db37f94d9383553e24d2e12f0eb449569c803660e609fccb85793520b4095194c66c4537e128d7226edf63ad4312c52c354acbd6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
    Filesize

    326KB

    MD5

    80d93d38badecdd2b134fe4699721223

    SHA1

    e829e58091bae93bc64e0c6f9f0bac999cfda23d

    SHA256

    c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

    SHA512

    9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
    Filesize

    92KB

    MD5

    1354872867caf8a06bb2849fb80d2caf

    SHA1

    facbd8a332092e4a879590ca2ee0f91b62df9b9e

    SHA256

    7afc835809fbe62361c97dcb215c34196a0e5653a139ff78c94803d00c0e781a

    SHA512

    e65ada4dac5145dd79aefb39a8e91de4bdc145a037a014239f6999ac72fc6e6da8a2867a741aa9978d9ee0cd9380dafdb85899f86e3a4f68f0b495ea62923f94

    Download Submit

  • memory/3384-14-0x00000000005C0000-0x00000000009A8000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/3384-303-0x0000000002EF0000-0x0000000002EF3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3384-302-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

    Download

  • memory/3384-329-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

    Download

  • memory/3384-328-0x00000000005C0000-0x00000000009A8000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/3384-353-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

    Download

  • memory/3384-355-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

    Download