Overview

overview

7

Static

static

3

Launcher S....0.exe

windows7-x64

7

Launcher S....0.exe

windows10-2004-x64

7

$PLUGINSDIR/app-64.7z

windows7-x64

3

$PLUGINSDIR/app-64.7z

windows10-2004-x64

7

Launcher.exe

windows7-x64

7

Launcher.exe

windows10-2004-x64

7

$R0/Uninst...er.exe

windows7-x64

7

$R0/Uninst...er.exe

windows10-2004-x64

7

Resubmissions

17-02-2024 20:29

240217-y9yzpabb28 10

17-02-2024 20:20

240217-y4ry7aba54 7

Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-02-2024 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Launcher.exe

  • Size

    150.4MB

  • MD5

    0cc7c00bb4c982eb5f9f59054d1d1010

  • SHA1

    430e1ada5ee370347d9f5b565bc7fe305a38105a

  • SHA256

    8872eaa720e488e9b61a5c82409dcdcb58f29787e5393c50c7a911a8d7d00f59

  • SHA512

    c7fec4103ea69bd3a87f450e4a08cf8dab3bf0938ddf2a6fbb257768e810fe03e12733b167929108d830e7a2c636f349ebbe106d10f43ec95068f94f7a931b4d

  • SSDEEP

    1572864:b9sIp9dePx3boQ9zPx3veCvI+RJjaWIxdaJgAOB3i3wFO6Bj3yTEQjB4UR9OEm3:He15JHHgw9m

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 45 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
    1⤵
    • Checks computer location settings
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:932
    • C:\Users\Admin\AppData\Local\Temp\Launcher.exe
      "C:\Users\Admin\AppData\Local\Temp\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1748,i,8493868684505869106,2585610867506574505,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      2⤵
        PID:4884
      • C:\Users\Admin\AppData\Local\Temp\Launcher.exe
        "C:\Users\Admin\AppData\Local\Temp\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2268 --field-trial-handle=1748,i,8493868684505869106,2585610867506574505,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        2⤵
        • Checks computer location settings
        PID:956
      • C:\Users\Admin\AppData\Local\Temp\Launcher.exe
        "C:\Users\Admin\AppData\Local\Temp\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --mojo-platform-channel-handle=1932 --field-trial-handle=1748,i,8493868684505869106,2585610867506574505,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        2⤵
          PID:2388
        • C:\Users\Admin\AppData\Local\Temp\Launcher.exe
          "C:\Users\Admin\AppData\Local\Temp\Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3660 --field-trial-handle=1748,i,8493868684505869106,2585610867506574505,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2484

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Launcher\Network\Network Persistent State
        Filesize

        495B

        MD5

        65e4408615e41106564ebc921ca1e7ce

        SHA1

        b5c17efaf969de8e9d97617466d7585e9425d47f

        SHA256

        11c3622fae6cb740fe5609dedcef7bb73a455b915da568924fd7bd0ecb6a9222

        SHA512

        c45c2a726e76e3c9d134fd2ed20ec95d781fb77d93198f5e243e7cf72c5cf35b4f16f497a6c21a454e1fd05eed5c8626dd5a418706546bc07568ceab625303e2

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Launcher\Network\Network Persistent State~RFe58821c.TMP
        Filesize

        59B

        MD5

        2800881c775077e1c4b6e06bf4676de4

        SHA1

        2873631068c8b3b9495638c865915be822442c8b

        SHA256

        226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

        SHA512

        e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
        Filesize

        2B

        MD5

        f3b25701fe362ec84616a93a45ce9998

        SHA1

        d62636d8caec13f04e28442a0a6fa1afeb024bbb

        SHA256

        b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

        SHA512

        98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

        Download Submit

      • memory/2484-87-0x00000247FFF10000-0x00000247FFF11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2484-86-0x00000247FFF10000-0x00000247FFF11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2484-92-0x00000247FFF10000-0x00000247FFF11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2484-94-0x00000247FFF10000-0x00000247FFF11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2484-93-0x00000247FFF10000-0x00000247FFF11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2484-88-0x00000247FFF10000-0x00000247FFF11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2484-95-0x00000247FFF10000-0x00000247FFF11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2484-96-0x00000247FFF10000-0x00000247FFF11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2484-97-0x00000247FFF10000-0x00000247FFF11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2484-98-0x00000247FFF10000-0x00000247FFF11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4884-62-0x0000021D30D90000-0x0000021D30E2B000-memory.dmp

        Filesize

        620KB

        Download

      • memory/4884-8-0x00007FFBE6CF0000-0x00007FFBE6CF1000-memory.dmp

        Filesize

        4KB

        Download