6ca4ecd1a1b57a50d86c35d7e773767a7d839ddb88b5b509ea0ddfd3ee4c4676

Analysis

max time kernel
215s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Launcher Setup 9.8.1.exe
Size

81.0MB
MD5

718374516b2aa0736e6293f1c0f775cd
SHA1

f3e4557a0ef48cb60dc7185a05f18d6695593147
SHA256

42eb8d2839bf199eefee2b2ec265bdccb2685ecd93354407e2b3eaee549a879e
SHA512

f793e0b68d4b505278d46c50516bf77fb3d894960e48c76b4db5a4a1f2ad1f0344b3685498472acf5fa80cb3222daf91efe6c3ae3fef257f19bdb14b1d1802f1
SSDEEP

1572864:+2l+n6knhIZaRrKVU0pDf1IYiQSRkEv6LJAWld6CSUcwe23c2WQrOptIZV4pd:+jn6knhVrEU0l/9GkBNADCSozs2WQrOt

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2792	Launcher Setup 9.8.1.exe
2792	Launcher Setup 9.8.1.exe
2792	Launcher Setup 9.8.1.exe
2792	Launcher Setup 9.8.1.exe
2792	Launcher Setup 9.8.1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
2648	tasklist.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2792	Launcher Setup 9.8.1.exe
2648	tasklist.exe
2648	tasklist.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2648	tasklist.exe
Token: SeSecurityPrivilege	2792	Launcher Setup 9.8.1.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2600	2792	Launcher Setup 9.8.1.exe	27
PID 2792 wrote to memory of 2600	2792	Launcher Setup 9.8.1.exe	27
PID 2792 wrote to memory of 2600	2792	Launcher Setup 9.8.1.exe	27
PID 2792 wrote to memory of 2600	2792	Launcher Setup 9.8.1.exe	27
PID 2792 wrote to memory of 2600	2792	Launcher Setup 9.8.1.exe	27
PID 2792 wrote to memory of 2600	2792	Launcher Setup 9.8.1.exe	27
PID 2792 wrote to memory of 2600	2792	Launcher Setup 9.8.1.exe	27
PID 2600 wrote to memory of 2648	2600	cmd.exe	29
PID 2600 wrote to memory of 2648	2600	cmd.exe	29
PID 2600 wrote to memory of 2648	2600	cmd.exe	29
PID 2600 wrote to memory of 2648	2600	cmd.exe	29
PID 2600 wrote to memory of 2648	2600	cmd.exe	29
PID 2600 wrote to memory of 2648	2600	cmd.exe	29
PID 2600 wrote to memory of 2648	2600	cmd.exe	29
PID 2600 wrote to memory of 2680	2600	cmd.exe	30
PID 2600 wrote to memory of 2680	2600	cmd.exe	30
PID 2600 wrote to memory of 2680	2600	cmd.exe	30
PID 2600 wrote to memory of 2680	2600	cmd.exe	30
PID 2600 wrote to memory of 2680	2600	cmd.exe	30
PID 2600 wrote to memory of 2680	2600	cmd.exe	30
PID 2600 wrote to memory of 2680	2600	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\Launcher Setup 9.8.1.exe
"C:\Users\Admin\AppData\Local\Temp\Launcher Setup 9.8.1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Launcher.exe" | %SYSTEMROOT%\System32\find.exe "Launcher.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Launcher.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2648
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "Launcher.exe"
    3⤵
    PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\LICENSES.chromium.html

Filesize
2.3MB

MD5
f7d1f1d398fd10212790e09a60419416

SHA1
3199a51aedaa746e64776f438b52234335278f49

SHA256
3787337a52260d0b6d703bbc65b258b9709469bf41210f14cc64947a554344c6

SHA512
109363e6a4007bbcd7e6aafed3eeea00520e44a49e3aec18fc4dc2751bee7738b7dd1eff0fa9851253629e5cbfdb921c67395225ef0d03af5007ddf33250c4fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\Launcher.exe

Filesize
2.1MB

MD5
c35f4dd8b7fec0843e710c90f4810578

SHA1
6c6e2d961d86b10ee5bb831a00fba186d103f15b

SHA256
b1df35bab07ab77dd17463adb4da380f0218199d11c0f758cbf9473796a8b861

SHA512
11a1311d864fd2bfa3c6c945be89911f93e979eff5cf164bf157a98324ce1b0c168537e2c9eca24304840cdcdcd0112ef604be2c546be79f5eb3a0897b113a8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\d3dcompiler_47.dll

Filesize
1.9MB

MD5
4d04432da6b9404a7cc980ec531b3d4d

SHA1
6b583844771e4b01d054e22440566d1c13ccaded

SHA256
976c73684bc3884af3b0d2233a0a7cc33c8f9cd1e0898319cc612c5d4e02822d

SHA512
2097cee17f6eb6da944947836ed2788cefb5ee414c914d14abb2c20da16492d6f32405026d92a57187e34faa4d06eeb35837647a9cf28776175829e05a9a96e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\ffmpeg.dll

Filesize
2.4MB

MD5
bd01495776ee9a3fcec81be4a7a1cdfc

SHA1
28a8aa5d6b4dfb5d18d8a2388d6b623962018629

SHA256
5dca36623295664849d5842328d77777564013c8282bdec2e1d0a83d839814e3

SHA512
73850509b21aec9e94b221797436c6faf36eba69119aa571d17809d539047040ad5276eeccfa979230848bb735c9124f1f5f7f3c9daeae89cb6855f341a3f05d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\icudtl.dat

Filesize
2.1MB

MD5
061b30fd9a18220815d286a2eb2d97cf

SHA1
95a63d2b0fa79a8e14e33009da838e655622e608

SHA256
f9455f7b11f6c633284ed54c1ffd9fb43f2910b216eada99a4ba596b849e5adb

SHA512
9c2340ea2428b3eb32f09ed4b402fbd6cdaba3f3ec7c237a6aed4cedcb83e9d84c2168290dbd3b3da66834646ef742f7f1c86c975f2d704d7f2c809e9cd5ff71

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\libEGL.dll

Filesize
473KB

MD5
637eeb39ddbeb3ff518ff1988604505f

SHA1
8b3d9a0d542718fb906f8fafb2583d7bb53176ef

SHA256
3c51a8e53ef7473e9a335673e909dc9c67bf962997e6e2a319c3bd70fd52b4ed

SHA512
3257f9c96665f1bc8bb39acd0d98015b7d5e32f3cf3f84e795df4d19f6bd3bcc14a4e89759cc0de83289b79cd290fd5f4b176c3e9a4cb2eca3acfba0c9e232df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\libGLESv2.dll

Filesize
2.6MB

MD5
2072def71f146e332bbf32c84448b862

SHA1
d4c922b75f3b10810ac24c14f40b006e78a0e4ac

SHA256
2e0787052ccfbc6f284fb302ddc6696e43aa5e99fa501935bdf14c3714a7c853

SHA512
ef1e3fc48dfb32a93c5ee2912db3fd97fe444a71802ea5aa4c90de1cfb0d5381c11eaf1a249515f21e6453e6b8f96099601aa3a54e23bfaa16dc3a6ea92a0645

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\resources.pak

Filesize
2.2MB

MD5
1ae5b3f614932c9c2328d77a23cfa05d

SHA1
7b0e0ecb3bc07452619dab8e2b3d9a704fcdcaf4

SHA256
2f1b07f7e926965353d35592f9037823550e54a32ba6fa1be1976431f69a00d4

SHA512
9fa9a990825b650eabcec444e45352d79b2236312a40935b090ad3d29714a406e63b807bfbf20e919d358d8c223f9fcc8c10238ebb06718f333a35613c196575

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\snapshot_blob.bin

Filesize
168KB

MD5
b82ff216a0babf602940759b9a3af870

SHA1
07e8a22dcf8d7be04a6ddbcab3098e040494bb0e

SHA256
943b27009d41801c5a649caf680e32d4dd25de002787a4ccd86b0925b3aac3a5

SHA512
da157570afbab7be135f7749df7f4518df1452ea24f98d8f5189430e732ad06ed438afc701cb70451bbc7137b5f35a0c5957df92ecb40d47d54c1071ea79fba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\v8_context_snapshot.bin

Filesize
471KB

MD5
031ea03da08fe1247280cfe781658791

SHA1
e91db50ad16b5a5fbbaf4118672d60b347ea6161

SHA256
c16dcec41919a6d2850214f2275824be8a97d8c5e694e2ec8dd7d16ab2d5015c

SHA512
b3d6f282761f8ab8760728ecb108f64741f6f3cd2a143813042ff63a3b6604fcfe7c1feabafb65f9f67906217edb5851f44605a34f7a50ed2058c25ce5efb30a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\vk_swiftshader.dll

Filesize
4.9MB

MD5
3a8600d95c9c163940f05e60a69eb457

SHA1
cce71f6a5490b48eaeb272cbf55792819fb2050b

SHA256
3477f8305c88838f894f0a304b8d2013542e9379f0310d398cd6a267e854e9af

SHA512
492a02352546065108c200b41026c711e09a32d3aa26e5356856d081bc1192445d7b98f789b6856b02217e84d8b3baa3288e3b9e359e59af6d0c7dcdd1888cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\7z-out\vulkan-1.dll

Filesize
894KB

MD5
c286e1191c5b91130b6d16e23cbd44f3

SHA1
8231664efdf30b07ff0dbc6b6f4e4d46ec574de0

SHA256
8d4b92d08f42bfe9d30362b9cf671fd6ae3166ade44f94de17dfc531393b66cd

SHA512
5cd07f2edec7bbe8684ea291a9d1dd3709f6a25c55fda3d92938eaf9c3b047ec481e3e7f3fc64973f6833422ab5880f1318a15afa666e2dd207763c7d3822bbd

Download Submit
\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsuB26F.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit