Analysis

  • max time kernel
    140s
  • max time network
    165s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/02/2024, 17:44

General

  • Target

    GDLauncher.exe

  • Size

    142.0MB

  • MD5

    51dc199e41223520217f34624b276e18

  • SHA1

    0ce3f6b9a26759b21a23bf25ed34b1b7ce624295

  • SHA256

    0b3c6bce1a0a61414a7e3048616c6dbfd55a2233b7ead7c4666d7d0c59e1ff50

  • SHA512

    c40e9d4b8db3ce4d195f0e634b48f4b7f1da74070ec2a9bf3db4b543d819a712a011496d99da6fdd6461305c012f808c7761363a6ef2b137bb58a439485fc42c

  • SSDEEP

    1572864:Zx8e2z2aMcuE5p9vzLECsyP2d+J/AG8TQX60:vLabp9rY/W6

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Modifies registry class 7 IoCs
  • Modifies system certificate store 2 TTPs 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Modifies registry class
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
      "C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      2⤵
      PID:2492
    • C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
      "C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=1368 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      2⤵
      PID:2424
    • C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
      "C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1580 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      2⤵
      • Checks computer location settings
      PID:864
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
        3⤵
        PID:1288
        • C:\Windows\System32\reg.exe
          C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
          4⤵
          PID:1728
    • C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
      "C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1352 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      2⤵
      PID:2176
    • C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
      "C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2288 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      2⤵
      PID:1584

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416 (1KB)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416 (230B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B; 14 successive versions of this file were captured)
  • C:\Users\Admin\AppData\Local\Temp\CabD6D1.tmp (65KB)
  • C:\Users\Admin\AppData\Local\Temp\TarD712.tmp (171KB)
  • C:\Users\Admin\AppData\Roaming\gdlauncher_next\196080d5-cdf1-4b31-b158-b77dd77387a9.tmp (57B)
  • C:\Users\Admin\AppData\Roaming\gdlauncher_next\Dictionaries\en-US-10-1.bdic (441KB)
  • C:\Users\Admin\AppData\Roaming\gdlauncher_next\IndexedDB\file__0.indexeddb.leveldb\000002.dbtmp (16B)
  • C:\Users\Admin\AppData\Roaming\gdlauncher_next\Local Storage\leveldb\CURRENT~RFf76c9d4.TMP (16B)
  • \Users\Admin\AppData\Local\Temp\c63d67f0-62b7-4aa2-98fc-e13f3ef0ebdb.tmp.node (281KB)
  • \Users\Admin\AppData\Local\Temp\e6af3fd2-67cc-4287-a9a0-97eec1d5f540.tmp.node (495KB)
  • memory/1676-43-0x0000000002990000-0x0000000002991000-memory.dmp (4KB)
  • memory/2492-40-0x0000000076D90000-0x0000000076D91000-memory.dmp (4KB)
  • memory/2492-9-0x0000000000060000-0x0000000000061000-memory.dmp (4KB)