Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
22/02/2024, 13:50
General
-
Target
TLauncher-2.899-Installer-1.1.5.exe
-
Size
24.9MB
-
MD5
dc18b7f4917cb800b1fa51251bc5b6b3
-
SHA1
268524e70c51f2f1e0eeb82ef183943aa5285a7c
-
SHA256
0b1b9037233b62a601b31def961ed5a43773b7407d864c7ad40da9ab9ab91b71
-
SHA512
e02ace9761c7736175b5a2c2541a51246adc5090c87724962362ec540118b331be1aeffbecd15b469eb4ee0ec29d436cd76b005ef7f7f34cad9084bb2ff03420
-
SSDEEP
393216:QXeigDRT3h2dPfs/dQETVlOBbpFEjLsZqV56HpkBrr6of5MJ7ZWqxPAIgtMIMlFN:QOigJ3hGHExiTZqqHpCrrKJBH5lFRqs
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 3 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5.exe"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5.exe" "__IRCT:3" "__IRTSS:26073958" "__IRSID:S-1-5-21-3316742141-2240921845-2885234760-1000"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\efa264c002f34d23bdbf9eba3c6d85fd /t 4764 /p 33921⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.0.1197824132\1014233448" -parentBuildID 20221007134813 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 20750 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba643760-b8c2-4f9f-942b-5c689dd5d651} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 2024 2a3e9dd8f58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.1.1126122250\1375427717" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 20786 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9edac49-ac89-4a79-a07e-557b5f51b044} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 2424 2a3e9541458 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.2.574595908\2107754996" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 20934 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64eca4de-5d7e-4afc-aa1a-9ea22639e2a5} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 3104 2a3edac6c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.3.353115693\1268379003" -childID 2 -isForBrowser -prefsHandle 3596 -prefMapHandle 3592 -prefsLen 26112 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1c323c8-9e2f-4c83-8a0b-ca5e47c8f5ab} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 3608 2a3dd15e858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.4.1019601355\367227802" -childID 3 -isForBrowser -prefsHandle 4348 -prefMapHandle 4344 -prefsLen 26171 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91b9c301-f910-4320-9c21-ee4145f24024} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 4356 2a3eef04758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.5.511425487\1713862758" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 5084 -prefsLen 26171 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {532b4161-1efc-46cf-a310-681f2b39d150} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 5092 2a3dd162258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.7.567144839\1143353197" -childID 6 -isForBrowser -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 26171 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {751992ef-3ece-4b6b-8225-a87ad1240ecf} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 5504 2a3efd88958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.6.1090302028\2026761080" -childID 5 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 26171 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f839c30-8cc3-4346-8f3f-5a052464a39f} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 5224 2a3efcaf158 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
116KB
MD5e043a9cb014d641a56f50f9d9ac9a1b9
SHA161dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA2569dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA5124ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f
-
Filesize
1.8MB
MD5cb50d496ae05fa1c8bfbcb3b7f910bfe
SHA13ec4d77b73c4d7e9858b11224314e99d082497a8
SHA2567616c72f6659a3a2439d0452190459cd4ceb83fab2307e3e47c9604fa29d9f34
SHA51222051de06c7e52a37ad36250aa095a8ccc0b0e1cdbfa2e9073c146e77e278cbdbe89bdb078dcfd8babf48baec1902b303ac39cc9db4114ce1516b06552dc924d
-
Filesize
1.7MB
MD51bbf5dd0b6ca80e4c7c77495c3f33083
SHA1e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA51297bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab
-
Filesize
97KB
MD5da1d0cd400e0b6ad6415fd4d90f69666
SHA1de9083d2902906cacf57259cf581b1466400b799
SHA2567a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a
-
Filesize
1.3MB
MD5bba68732fb535f542f19acd46af00ddf
SHA1501b7058ce18858a22f6ce198dfc34fff832872d
SHA256da4577994a0653b6eccea81ecd078397f2088935d24dde5d8de30fbf178dd0e3
SHA51236b3d68b7163b7be4a12cc9b6fed2136300c8fdc4941e00b42faffe94f40436d104788808d4fcccfb7340e3b4a4bc4740bd66dab840260461a8ecc7785fe43b6
-
Filesize
326KB
MD580d93d38badecdd2b134fe4699721223
SHA1e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA5129f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4
-
Filesize
2KB
MD595469bb5457854ecb9e1af24e87336fc
SHA159a9ce00b42226627873c637522cc95006a00a54
SHA2569986baa2ca6018763e9e9974debfa06198b1d890b04c1a5accda8ed1e0ad08a5
SHA512cbd10330d60a773690dfe440e7867b9a2e5e7b8e64a7deac8e1118b6c0cf2b5a8bd8bae2127d05cd33c0d1117337a53a991bf275b8b184bd8b441774e05cda71
-
Filesize
746B
MD514d64507703671e910b03062ca63006c
SHA1ca0ab3ff195fac074ed64fd5eb2552b9f6d57723
SHA256a7f38e4e6adf035e118f99ce10311032c56cd30e4557b30d333e65175d38d534
SHA5122bb2263ffc6aaf8a8aa272e30dbb797639da91c591d52d2ada32c8f9d0ed04c2db3c1d3d0a8df1ba059ab1904526664749e8dbffd5be33ef1f4898c1850f7ecc
-
Filesize
11KB
MD53b5422663a6caa4fdb553078a8f9f6d4
SHA1e2800ea316a758d762b8b7189beb1f69f7285bbe
SHA256fd98fe8561ffb31dc4be207722158024ac25db123d7d642068b1ae2e8725bb86
SHA512977c564cd77c2b4dee62179424ba29dff3d64a49870c256ae19e78a35718f783c80444fd1d16d960a15f8529357638e42a28fe4f3af75c3b0087d8f8ada871ff
-
Filesize
6KB
MD508abef4deec6abdaf9c0eb9a95275775
SHA122dfc68ed542500fc2cc7d54e982949fb61dde1a
SHA2560ab49af4a82bf8599b657ebbf2ff916f893c0c39422f5cdbf3f8bd02927edf8e
SHA51200947fc5b4deb5089ffbcd5d2da30cbbcd5b73658cd0d429cd2acfb2c1e4053fd9d53e3bf44e98a7f88d9f4cc43aafc1671aecb07fb2f58de63c62acf32e9547
-
Filesize
324KB
-
Filesize
12KB
-
Filesize
3.9MB
-
Filesize
3.9MB
-
Filesize
324KB