Resubmissions
23/02/2024, 02:57
240223-dfr9tsah55 723/02/2024, 02:53
240223-ddf4saac6s 703/05/2023, 00:39
230503-azl1daeh6v 10Analysis
-
max time kernel
137s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-es -
resource tags
-
submitted
23/02/2024, 02:53
General
-
Target
TLauncher-2.879-Installer-1.1.1 (1).exe
-
Size
22.6MB
-
MD5
c4ceda8c435298d23cc40a842f426d61
-
SHA1
c7337094f09852b00a815950e96f3292295e9e15
-
SHA256
e132be19bc7ae8a96d3d620710fa26b614e022abecccc161ad733eff732afcd6
-
SHA512
25e74422d3b7adeb0cc805bbe41298d4e0fcf984b038c63a3a4faeea16e10a18f113c9a7d946e16f377ad9e3a5ca0a6425d7650b62c1e5db9ee2299e9921f52b
-
SSDEEP
393216:LXfgqusAgbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENq3:LvtDpsHExi73qqHpg+Vvc+Amc
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 3 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 36 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 47 IoCs
-
Suspicious use of SendNotifyMessage 47 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1 (1).exe"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1 (1).exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1 (1).exe" "__IRCT:3" "__IRTSS:23652314" "__IRSID:S-1-5-21-3844919115-497234255-166257750-1000"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
116KB
MD5e043a9cb014d641a56f50f9d9ac9a1b9
SHA161dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA2569dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA5124ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f
-
Filesize
1.8MB
MD58d26aecef0a7bdac2b104454d3ba1a87
SHA150c29c58dfece62d94ed01cb5b3d070e593dc9cf
SHA256e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c
SHA5120daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475
-
Filesize
280B
MD5ac819dc416a9c3d7cd218247a505f4e4
SHA165184cf901d16f1f18dd82bd0673250d5422799c
SHA256a1639ff730514d3ef9d8e5363e6848069462845a9c9c0bc4ca355b60cb9dfca3
SHA5124ab1351fd036b4187660bf42b19a5f1b5a2ad51369c5e056bbbc765051905e3f1b5716557f113cf2e14678481101897698c3fc746814189da75693d3fec8fab3
-
Filesize
281B
MD5179d7efdf2a2909c5cce33a2fa7b29cf
SHA1e6ee30a67170e74491069edba50c950909bea4dc
SHA256cc4db69be2bcdf373a7615df5a274a7e08c1dc7c3106fd835272dea973b9e049
SHA5121ffba7773a15d7b53a4fa7f1b2099b565baf1d550c801a065bd03a613b5a408429c038b51a05293868525ac9cf3976615030b5cb72931a54e1a1045a1c3bdc74
-
Filesize
1.5MB
MD5eff62f61765ccbfcea560f85bd3ee2af
SHA1b5a900659fe6e5acfacfd60dd48a029a881908a7
SHA256852f401c6541ef521b3a1ea70a3886e8651cc437570a6eb69d2612956f163d72
SHA512e2d53892a8779474a536c15b1fdc439fd8219e069abe87aae7a9ee7d927dd25ba7e3381f681f6f33456c9f9275742a25364f3b9956722c4fed478dddf947dae4
-
Filesize
562KB
MD5ed3eecd322584cab32f37fa152a29998
SHA14d36ecb49340fcaf2da780796dee5e9bd3657049
SHA256b3e5519ce452cf47c6e2c1f43862fd58718f332086e3b8196b08f773827a66e3
SHA5126b12d55edb3e9aa6544abfa420662c2c830c7200f8737ec7c2cd9f9fd208eaca590ccbeb31c17fdc6bd40c805f62dcdccfba958a40d6c42ecd1f2dc6f99388ba
-
Filesize
97KB
MD5da1d0cd400e0b6ad6415fd4d90f69666
SHA1de9083d2902906cacf57259cf581b1466400b799
SHA2567a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a
-
Filesize
1.3MB
MD50913b4c43b4a1c301353197c30e01f4f
SHA1245c343a7bb339d402ff8e9d442389a4f3dfc3a8
SHA256238d15cbb1a929fe19f4558c44fbc67d5d6b9a3176fd9d880345ae0174a8d87c
SHA5129d2da27264af71d7d1b9a3eac36e9b413041836de2559899d384a76b888cd495703a306c384752047bc9e1da3f8ee908da7218a58cfd9af1f81b51be4b27321f
-
Filesize
677KB
MD5edc32a3edf7d142993c1b597f0a2748b
SHA195dd9983ed2a5e7be37215ac22d926f6b6117055
SHA2560def2509b0a5f270648362f082cd82ff12f7bf8ee42ea56150487425855b360f
SHA512adf5e0ccc464529aaadae903047bc153b2ae568087dec9e2fd2a8f0c053d8cdf8b4f26a114224b91302466fed210469d67b2cbe97e99c1629b5730688ef0615f
-
Filesize
326KB
MD580d93d38badecdd2b134fe4699721223
SHA1e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA5129f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4
-
Filesize
324KB
-
Filesize
3.9MB
-
Filesize
12KB
-
Filesize
324KB
-
Filesize
3.9MB
-
Filesize
3.9MB
-
Filesize
324KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
