da946a12320542b32133599e6f4f815a4064993c4f7c9b4311dade8693262897 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

liquidlaun...US.msi

windows7-x64

7

liquidlaun...US.msi

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

liquidlauncher_0.2.0_x64_en-US.msi
Size

5.4MB
Sample

240109-qsntdsbdgp
MD5

ea701a642a913b23534a46065d6f47f3
SHA1

7f620da5078bed3f8d942eb51b7c8a1567628fb1
SHA256

da946a12320542b32133599e6f4f815a4064993c4f7c9b4311dade8693262897
SHA512

6bd68458812efba730ba50e6c2645147b2a22e5f3d507f07103ee7af21a8b6e97915d4ba91db59b14b9f2db7d9960dd6899ee3a3afa082461409bc9b5ea7da35
SSDEEP

98304:5W9Y3GEdGHzryhz++8uGxH5esA7EltV+eIiOSdWluFU0HeJpayUHQOrm:om2EUyhK+8uGxH5esD7geKiTb+JpayUK

Score

8^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

liquidlauncher_0.2.0_x64_en-US.msi

Resource

win7-20231215-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

liquidlauncher_0.2.0_x64_en-US.msi

Resource

win10v2004-20231222-en

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  liquidlauncher_0.2.0_x64_en-US.msi
- Size
  
  5.4MB
- MD5
  
  ea701a642a913b23534a46065d6f47f3
- SHA1
  
  7f620da5078bed3f8d942eb51b7c8a1567628fb1
- SHA256
  
  da946a12320542b32133599e6f4f815a4064993c4f7c9b4311dade8693262897
- SHA512
  
  6bd68458812efba730ba50e6c2645147b2a22e5f3d507f07103ee7af21a8b6e97915d4ba91db59b14b9f2db7d9960dd6899ee3a3afa082461409bc9b5ea7da35
- SSDEEP
  
  98304:5W9Y3GEdGHzryhz++8uGxH5esA7EltV+eIiOSdWluFU0HeJpayUHQOrm:om2EUyhK+8uGxH5esD7geKiTb+JpayUK
Score

8^/10

persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy