Overview

overview

7

Static

static

1

TLauncher-...1).exe

windows7-x64

7

TLauncher-...1).exe

windows10-2004-x64

7

Resubmissions

23-02-2024 02:57

240223-dfr9tsah55 7

23-02-2024 02:53

240223-ddf4saac6s 7

03-05-2023 00:39

230503-azl1daeh6v 10

Analysis

  • max time kernel
    137s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    23-02-2024 02:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.879-Installer-1.1.1 (1).exe

  • Size

    22.6MB

  • MD5

    c4ceda8c435298d23cc40a842f426d61

  • SHA1

    c7337094f09852b00a815950e96f3292295e9e15

  • SHA256

    e132be19bc7ae8a96d3d620710fa26b614e022abecccc161ad733eff732afcd6

  • SHA512

    25e74422d3b7adeb0cc805bbe41298d4e0fcf984b038c63a3a4faeea16e10a18f113c9a7d946e16f377ad9e3a5ca0a6425d7650b62c1e5db9ee2299e9921f52b

  • SSDEEP

    393216:LXfgqusAgbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENq3:LvtDpsHExi73qqHpg+Vvc+Amc

Score
7/10
discoveryupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 47 IoCs
  • Suspicious use of SendNotifyMessage 47 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1 (1).exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1 (1).exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4800
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1 (1).exe" "__IRCT:3" "__IRTSS:23652314" "__IRSID:S-1-5-21-3844919115-497234255-166257750-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:1236
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3440

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
    Filesize

    116KB

    MD5

    e043a9cb014d641a56f50f9d9ac9a1b9

    SHA1

    61dc6aed3d0d1f3b8afe3d161410848c565247ed

    SHA256

    9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

    SHA512

    4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
    Filesize

    1.8MB

    MD5

    8d26aecef0a7bdac2b104454d3ba1a87

    SHA1

    50c29c58dfece62d94ed01cb5b3d070e593dc9cf

    SHA256

    e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

    SHA512

    0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
    Filesize

    280B

    MD5

    ac819dc416a9c3d7cd218247a505f4e4

    SHA1

    65184cf901d16f1f18dd82bd0673250d5422799c

    SHA256

    a1639ff730514d3ef9d8e5363e6848069462845a9c9c0bc4ca355b60cb9dfca3

    SHA512

    4ab1351fd036b4187660bf42b19a5f1b5a2ad51369c5e056bbbc765051905e3f1b5716557f113cf2e14678481101897698c3fc746814189da75693d3fec8fab3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
    Filesize

    281B

    MD5

    179d7efdf2a2909c5cce33a2fa7b29cf

    SHA1

    e6ee30a67170e74491069edba50c950909bea4dc

    SHA256

    cc4db69be2bcdf373a7615df5a274a7e08c1dc7c3106fd835272dea973b9e049

    SHA512

    1ffba7773a15d7b53a4fa7f1b2099b565baf1d550c801a065bd03a613b5a408429c038b51a05293868525ac9cf3976615030b5cb72931a54e1a1045a1c3bdc74

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
    Filesize

    1.5MB

    MD5

    eff62f61765ccbfcea560f85bd3ee2af

    SHA1

    b5a900659fe6e5acfacfd60dd48a029a881908a7

    SHA256

    852f401c6541ef521b3a1ea70a3886e8651cc437570a6eb69d2612956f163d72

    SHA512

    e2d53892a8779474a536c15b1fdc439fd8219e069abe87aae7a9ee7d927dd25ba7e3381f681f6f33456c9f9275742a25364f3b9956722c4fed478dddf947dae4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
    Filesize

    562KB

    MD5

    ed3eecd322584cab32f37fa152a29998

    SHA1

    4d36ecb49340fcaf2da780796dee5e9bd3657049

    SHA256

    b3e5519ce452cf47c6e2c1f43862fd58718f332086e3b8196b08f773827a66e3

    SHA512

    6b12d55edb3e9aa6544abfa420662c2c830c7200f8737ec7c2cd9f9fd208eaca590ccbeb31c17fdc6bd40c805f62dcdccfba958a40d6c42ecd1f2dc6f99388ba

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
    Filesize

    97KB

    MD5

    da1d0cd400e0b6ad6415fd4d90f69666

    SHA1

    de9083d2902906cacf57259cf581b1466400b799

    SHA256

    7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

    SHA512

    f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    1.3MB

    MD5

    0913b4c43b4a1c301353197c30e01f4f

    SHA1

    245c343a7bb339d402ff8e9d442389a4f3dfc3a8

    SHA256

    238d15cbb1a929fe19f4558c44fbc67d5d6b9a3176fd9d880345ae0174a8d87c

    SHA512

    9d2da27264af71d7d1b9a3eac36e9b413041836de2559899d384a76b888cd495703a306c384752047bc9e1da3f8ee908da7218a58cfd9af1f81b51be4b27321f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    677KB

    MD5

    edc32a3edf7d142993c1b597f0a2748b

    SHA1

    95dd9983ed2a5e7be37215ac22d926f6b6117055

    SHA256

    0def2509b0a5f270648362f082cd82ff12f7bf8ee42ea56150487425855b360f

    SHA512

    adf5e0ccc464529aaadae903047bc153b2ae568087dec9e2fd2a8f0c053d8cdf8b4f26a114224b91302466fed210469d67b2cbe97e99c1629b5730688ef0615f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
    Filesize

    326KB

    MD5

    80d93d38badecdd2b134fe4699721223

    SHA1

    e829e58091bae93bc64e0c6f9f0bac999cfda23d

    SHA256

    c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

    SHA512

    9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

    Download Submit

  • memory/1236-329-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1236-328-0x0000000000DB0000-0x0000000001198000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/1236-303-0x0000000005FA0000-0x0000000005FA3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1236-301-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1236-12-0x0000000000DB0000-0x0000000001198000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/1236-345-0x0000000000DB0000-0x0000000001198000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/1236-346-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

    Download

  • memory/3440-361-0x000001DE8D1E0000-0x000001DE8D1E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3440-360-0x000001DE8D1E0000-0x000001DE8D1E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3440-359-0x000001DE8D1E0000-0x000001DE8D1E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3440-365-0x000001DE8D1E0000-0x000001DE8D1E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3440-366-0x000001DE8D1E0000-0x000001DE8D1E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3440-371-0x000001DE8D1E0000-0x000001DE8D1E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3440-370-0x000001DE8D1E0000-0x000001DE8D1E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3440-369-0x000001DE8D1E0000-0x000001DE8D1E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3440-368-0x000001DE8D1E0000-0x000001DE8D1E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3440-367-0x000001DE8D1E0000-0x000001DE8D1E1000-memory.dmp

    Filesize

    4KB

    Download