e132be19bc7ae8a96d3d620710fa26b614e022abecccc161ad733eff732afcd6

Resubmissions

23/02/2024, 02:57

240223-dfr9tsah55 7

23/02/2024, 02:53

240223-ddf4saac6s 7

03/05/2023, 00:39

230503-azl1daeh6v 10

Analysis

max time kernel
291s
max time network
131s
platform
windows7_x64
resource
win7-20240221-es
resource tags

arch:x64arch:x86image:win7-20240221-eslocale:es-esos:windows7-x64systemwindows
submitted
23/02/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.879-Installer-1.1.1 (1).exe
Size

22.6MB
MD5

c4ceda8c435298d23cc40a842f426d61
SHA1

c7337094f09852b00a815950e96f3292295e9e15
SHA256

e132be19bc7ae8a96d3d620710fa26b614e022abecccc161ad733eff732afcd6
SHA512

25e74422d3b7adeb0cc805bbe41298d4e0fcf984b038c63a3a4faeea16e10a18f113c9a7d946e16f377ad9e3a5ca0a6425d7650b62c1e5db9ee2299e9921f52b
SSDEEP

393216:LXfgqusAgbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENq3:LvtDpsHExi73qqHpg+Vvc+Amc

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
928	irsetup.exe

Loads dropped DLL 7 IoCs

pid	Process
2248	TLauncher-2.879-Installer-1.1.1 (1).exe
2248	TLauncher-2.879-Installer-1.1.1 (1).exe
2248	TLauncher-2.879-Installer-1.1.1 (1).exe
2248	TLauncher-2.879-Installer-1.1.1 (1).exe
928	irsetup.exe
928	irsetup.exe
928	irsetup.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000015c23-3.dat	upx
behavioral1/memory/2248-6-0x0000000002BB0000-0x0000000002F98000-memory.dmp	upx
behavioral1/files/0x0009000000015c23-7.dat	upx
behavioral1/files/0x0009000000015c23-13.dat	upx
behavioral1/files/0x0009000000015c23-11.dat	upx
behavioral1/files/0x0009000000015c23-8.dat	upx
behavioral1/files/0x0009000000015c23-15.dat	upx
behavioral1/files/0x0009000000015c23-19.dat	upx
behavioral1/memory/928-32-0x0000000000A80000-0x0000000000E68000-memory.dmp	upx
behavioral1/memory/928-387-0x0000000000A80000-0x0000000000E68000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	irsetup.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
928	irsetup.exe
928	irsetup.exe
928	irsetup.exe
928	irsetup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 928	2248	TLauncher-2.879-Installer-1.1.1 (1).exe	28
PID 2248 wrote to memory of 928	2248	TLauncher-2.879-Installer-1.1.1 (1).exe	28
PID 2248 wrote to memory of 928	2248	TLauncher-2.879-Installer-1.1.1 (1).exe	28
PID 2248 wrote to memory of 928	2248	TLauncher-2.879-Installer-1.1.1 (1).exe	28
PID 2248 wrote to memory of 928	2248	TLauncher-2.879-Installer-1.1.1 (1).exe	28
PID 2248 wrote to memory of 928	2248	TLauncher-2.879-Installer-1.1.1 (1).exe	28
PID 2248 wrote to memory of 928	2248	TLauncher-2.879-Installer-1.1.1 (1).exe	28

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1 (1).exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1 (1).exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1 (1).exe" "__IRCT:3" "__IRTSS:23652314" "__IRSID:S-1-5-21-330940541-141609230-1670313778-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CabBB28.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBB4A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
173KB

MD5
df9703174b8e4b1ea35491d08cec2420

SHA1
5b3aa20db71ba85d0861fd8a09993ff685e42610

SHA256
902f4d4889e289f25f113ac2faa4cedbc5a30d729aff6daa78184b87a2256ba0

SHA512
887d4ece2f32c2190c2a4c48361667f8262ba7b6214afc8b53022f89dde8164e7003b55c0e3211e0d75ebe1b7c64fdbb4fea789bcf0329c7d5b59480e67cbc72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
122KB

MD5
9c69cefcd814ca43a01011dc77856edd

SHA1
657e1550e4f0d57dcb3654d76dc227cd614e3d4b

SHA256
25f38efa6713c68fa26e545841cc0ea1aae1a9e31d04f0cf683b049e4e5da70f

SHA512
c2aff84f413e2661e9bbe6531e8797f202c859014ec6acf15fcd177009d337661fd066d0df39f76b3f37cf78c4c5f9af5247aa0f5fe96860a786b76d5e93ca12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
247KB

MD5
1aa327b0ab81d0abdbf42da4c694c709

SHA1
173b4dca4c2b13167200025f6092ea31b815c8e3

SHA256
03fd04436150b0273880930ece19dd68ba7bf0f1cd569684d82a7046facd23aa

SHA512
cb9d57b4061733f9b507bcaa06b7e0949bb4d5aee766583f76e13b793165293213b45e0d751a2959e827ef97e0f2da630d88a206bb6196fc60c57b50e4a7b34c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
70KB

MD5
35256669ef52b1f2ef7dc402311af583

SHA1
fdbbad1c0c6f8a4d827da3e47f5d88fd39bb2bc5

SHA256
2558fb4ccb631e7c29267429fc34bcc715fd7595012475a5520d4f73573bf994

SHA512
854d0d1f6999819d7775cf6ae61530d89cb5089f53ba542f8e3a3af08036722106a5182d10e552d50c931424babc66130cb39857162e56f2231f6c51c305c1ee

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
265KB

MD5
ff5b37942086e01279e0c6628a2c8dc0

SHA1
7ed44cdf9e06c75227a9c0a4829e6c470e42604d

SHA256
c45a48f2dcb5da73d058e46fab175be2c8577a9db7c15abfeb5251ee0428e7f0

SHA512
1bed7c00753d2b8ba091420d156890dabeaedf1ce8a3fd1b3eafa981d3967aebc3bb1fd26c77897f0628619ec899a582fb9caafc0a43b32d6f9923c27be247a9

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
314KB

MD5
7379422e7363b042c98e9a6f9271f383

SHA1
2b285c686a695f749d3248ce1976dc6c2a19b4bd

SHA256
34ebdf244af2579096edb5b1ab22c72fba0501849129f1a294841b76cc129de0

SHA512
8ecdfbb21450ef5f693743e462f7a0048d1b774c8d00e634578c5c88d73696872b56e94c1854e268fcd4f1fa24208d07ae5cefd5392e236df2e4ddb5dd17dc62

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
b7deb59f4303c4cd377038012b8aea15

SHA1
d44d353ad6835de5b6b17189421f89d08a2b7f8d

SHA256
350ed68cfed3a662401c42afec65bd9cb2bf9786e1104955b5d660a20a12c846

SHA512
c59b79f71631e951bc95e934664ab240bc234a0f01a4370f4dd8dc3e7ea62fd3f4cd91bc50ebe97364d1b0f6bddb3b7c2412b3849111089a8c037a3cbb2e42e7

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
305KB

MD5
80729e42eacdce5cd37afc0cba86b727

SHA1
4df7f0ff97b89932df431a013a84c5e8a8f0722a

SHA256
0473071a897ba5a952139b745ba55f65d67f9c717db85f0fe0918120f7c6fd38

SHA512
feea4a823944cb1ff608ebef8439a8f7000b395b7e3c65460416e0d6dca8e7da4dbeef836c17a1c09cb13cc26d5f60c34a799e2d845f3eb78807ed16259539d9

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
232KB

MD5
6b97410268a9afd855d697f157bf6793

SHA1
50f4464c694a3c8ee54f242a6aea4f7b974596dc

SHA256
c0a3676d8e1684c2a76d8f50cbf4eec92fc3935386196fe18516b77f45ea4160

SHA512
0442f6562db0654a6228aa5bb3dafeabfb012d7eb8cf69ef24104ea4363e47073b2240d376d94ed30cac26a782232fbe6f9fd78926aa0ce5f526b114896468e4

Download Submit
memory/928-388-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/928-391-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/928-310-0x0000000000970000-0x0000000000973000-memory.dmp

Filesize
12KB

Download
memory/928-308-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/928-425-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/928-413-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/928-403-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/928-387-0x0000000000A80000-0x0000000000E68000-memory.dmp

Filesize
3.9MB

Download
memory/928-32-0x0000000000A80000-0x0000000000E68000-memory.dmp

Filesize
3.9MB

Download
memory/2248-389-0x0000000002BB0000-0x0000000002F98000-memory.dmp

Filesize
3.9MB

Download
memory/2248-20-0x0000000002BB0000-0x0000000002F98000-memory.dmp

Filesize
3.9MB

Download
memory/2248-21-0x0000000002BB0000-0x0000000002F98000-memory.dmp

Filesize
3.9MB

Download
memory/2248-6-0x0000000002BB0000-0x0000000002F98000-memory.dmp

Filesize
3.9MB

Download
memory/2248-18-0x0000000002BB0000-0x0000000002F98000-memory.dmp

Filesize
3.9MB

Download