Overview

overview

8

Static

static

1

TLauncher-....5.exe

windows7-x64

8

TLauncher-....5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-03-2024 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.899-Installer-1.1.5.exe

  • Size

    24.9MB

  • MD5

    dc18b7f4917cb800b1fa51251bc5b6b3

  • SHA1

    268524e70c51f2f1e0eeb82ef183943aa5285a7c

  • SHA256

    0b1b9037233b62a601b31def961ed5a43773b7407d864c7ad40da9ab9ab91b71

  • SHA512

    e02ace9761c7736175b5a2c2541a51246adc5090c87724962362ec540118b331be1aeffbecd15b469eb4ee0ec29d436cd76b005ef7f7f34cad9084bb2ff03420

  • SSDEEP

    393216:QXeigDRT3h2dPfs/dQETVlOBbpFEjLsZqV56HpkBrr6of5MJ7ZWqxPAIgtMIMlFN:QOigJ3hGHExiTZqqHpCrrKJBH5lFRqs

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3956
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5.exe" "__IRCT:3" "__IRTSS:26073958" "__IRSID:S-1-5-21-3808065738-1666277613-1125846146-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:3592
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2424
    • C:\Windows\SysWOW64\werfault.exe
      werfault.exe /h /shared Global\ea8f9cd851a14d9b8bafc342e938d01e /t 4440 /p 3592
      1⤵
        PID:1700
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x4 /state0:0xa3919055 /state1:0x41c64e6d
        1⤵
        • Modifies data under HKEY_USERS
        • Suspicious use of SetWindowsHookEx
        PID:4564

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
        Filesize

        116KB

        MD5

        e043a9cb014d641a56f50f9d9ac9a1b9

        SHA1

        61dc6aed3d0d1f3b8afe3d161410848c565247ed

        SHA256

        9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

        SHA512

        4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
        Filesize

        1.8MB

        MD5

        cb50d496ae05fa1c8bfbcb3b7f910bfe

        SHA1

        3ec4d77b73c4d7e9858b11224314e99d082497a8

        SHA256

        7616c72f6659a3a2439d0452190459cd4ceb83fab2307e3e47c9604fa29d9f34

        SHA512

        22051de06c7e52a37ad36250aa095a8ccc0b0e1cdbfa2e9073c146e77e278cbdbe89bdb078dcfd8babf48baec1902b303ac39cc9db4114ce1516b06552dc924d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
        Filesize

        1.7MB

        MD5

        1bbf5dd0b6ca80e4c7c77495c3f33083

        SHA1

        e0520037e60eb641ec04d1e814394c9da0a6a862

        SHA256

        bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

        SHA512

        97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
        Filesize

        97KB

        MD5

        da1d0cd400e0b6ad6415fd4d90f69666

        SHA1

        de9083d2902906cacf57259cf581b1466400b799

        SHA256

        7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

        SHA512

        f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        893KB

        MD5

        0ee55bad7f1b5aabb8273a890dba84e8

        SHA1

        68161ba616871691d560af6fd710da00b550b242

        SHA256

        f01ef80c7e128f5a6c2c74c6c1d47633fd6300488d7aea6322e86aef02205630

        SHA512

        4f19c97ffdd243e90ac06089ecfbe872bd08f1ff4237773763844374579abef7979226731eb378c13bfb7a22c34a2bf0315685b4d2a7897d58a37eabd4150590

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        226KB

        MD5

        c84878cc22681cb5039a457bf7027c8c

        SHA1

        9eb2b25d5ff65135c40df40a3599064607c20fd5

        SHA256

        e04a97b9763e178b0ed6eb7af46809ce5071b3ba91d0a522cea0686c0c946173

        SHA512

        386fa2ae6f87c730b3c0ad7ccfe2cd67d2b10a12cf8d1d8351df9caf04400ecbd30b1140d37f1d9b47941065e75c7d46646ed5a4bed5ad352f66d83a0a459c09

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        bba68732fb535f542f19acd46af00ddf

        SHA1

        501b7058ce18858a22f6ce198dfc34fff832872d

        SHA256

        da4577994a0653b6eccea81ecd078397f2088935d24dde5d8de30fbf178dd0e3

        SHA512

        36b3d68b7163b7be4a12cc9b6fed2136300c8fdc4941e00b42faffe94f40436d104788808d4fcccfb7340e3b4a4bc4740bd66dab840260461a8ecc7785fe43b6

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • memory/3592-267-0x0000000003130000-0x0000000003133000-memory.dmp

        Filesize

        12KB

        Download

      • memory/3592-266-0x0000000010000000-0x0000000010051000-memory.dmp

        Filesize

        324KB

        Download

      • memory/3592-11-0x0000000000020000-0x0000000000408000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/3592-284-0x0000000000020000-0x0000000000408000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/3592-285-0x0000000010000000-0x0000000010051000-memory.dmp

        Filesize

        324KB

        Download

      • memory/3592-294-0x0000000000020000-0x0000000000408000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/3592-295-0x0000000010000000-0x0000000010051000-memory.dmp

        Filesize

        324KB

        Download

      • memory/3592-296-0x0000000003130000-0x0000000003133000-memory.dmp

        Filesize

        12KB

        Download