Analysis

  • max time kernel
    250s
  • max time network
    199s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/01/2024, 03:30

General

  • Target

    Liquid Launchpad.exe

  • Size

    464KB

  • MD5

    d9b2565465fe9d0847d0e032161a0e06

  • SHA1

    be2485a1c2676a56d3c80907b735f52e13092f98

  • SHA256

    d38b6f6ae58b9970f7151d135bc1215ec96f14123e4ee03aae4ab24d5287b553

  • SHA512

    0bf2ada746acc6b04b70f727528cdd21037687fd8885a4d9c7e853e7f051fd69a6314cc59f2c56e3d3c67c4ee4fd08109c23dce5b990f4cd12913a572f8d31e5

  • SSDEEP

    6144:Qf892o5LIS9O2cU6gVo5LIS9O2cU6gtukWo5LIS9B2cU6W:QfaRjs2cU67Rjs2cU6eukLRjr2cU6

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Liquid Launchpad.exe
    "C:\Users\Admin\AppData\Local\Temp\Liquid Launchpad.exe"
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1492

Network

        MITRE ATT&CK Enterprise v15
