Analysis

  • max time kernel
    140s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/04/2024, 03:37 UTC

General

  • Target

    launch.exe

  • Size

    152KB

  • MD5

    a8c79bc1642c1fd0558e0979e0181bad

  • SHA1

    cec94c9b5748d8d2d3a7240f50e6af3c8b659a72

  • SHA256

    f39b505751ac3650e13d0f08f8576d2c7c18e393b6cfb31bf7128113b9ad3666

  • SHA512

    c124a7738dba448780832dd39a2a9c742877d9aadeda778a259c77b34b0ef5b7aac3c78eade70fbbc7d738991ddefcedc2969b545d4a1b7397e81c48ea431cd2

  • SSDEEP

    3072:4cR7HVcrFONqdOvS3f7frXV8/GeqDBvWhCT/4Syb7:4cXu7V8/GeqDskTQSyX

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 3 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  • Suspicious use of SetWindowsHookEx (7 IoCs)

  All four signatures are attributed to WINWORD.EXE (PID 2680) in the process list below; none of them fires on launch.exe (PID 3500) itself, which is consistent with the 1/10 score.

Processes

  • C:\Users\Admin\AppData\Local\Temp\launch.exe
    "C:\Users\Admin\AppData\Local\Temp\launch.exe"
    1⤵ PID:3500
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵ PID:4008
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
    1⤵ PID:2680
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
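The process block above is the report's own rendering; the indentation it arrived with is an artefact of the extraction and carries no parent/child information, so anything that consumes it should key on the markers instead. The parser below is an added example written for this page, not code from the sandbox vendor: it reads the block in exactly the form shown above (image path, command line, `N⤵` marker, `•` signature lines, closing `PID:N`), embedded as a constructed copy of the report's text, and attributes each signature to the process that fired it so that Office or OS behaviour is not credited to the submitted sample. Reading the number before `⤵` as the tree depth is an assumption about the renderer's convention, and `triage_summary` and `attributed_to` are names chosen here.

```python
import re
from dataclasses import dataclass, field

# Constructed copy of the process block as this page renders it. The HTML
# indentation is dropped on purpose: the parser relies only on the markers
# (image path, command line, "N⤵", "•" signature lines, "PID:N").
REPORT_PROCESSES = r"""
C:\Users\Admin\AppData\Local\Temp\launch.exe
"C:\Users\Admin\AppData\Local\Temp\launch.exe"
1⤵
PID:3500
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4008
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
1⤵
• Checks processor information in registry
• Enumerates system info in registry
• Suspicious behavior: AddClipboardFormatListener
• Suspicious use of SetWindowsHookEx
PID:2680
"""


@dataclass
class Process:
    image: str
    cmdline: str = ""
    depth: int = 0
    pid: int = 0
    signatures: list = field(default_factory=list)


DEPTH_RE = re.compile(r"^(\d+)\s*⤵$")   # "1⤵": assumed to be the tree depth
PID_RE = re.compile(r"^PID:\s*(\d+)$")   # "PID:3500" closes a record


def parse_process_block(text):
    """Turn the rendered block into Process records, one per PID line."""
    procs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if cur is None:                      # first line of a record: the image path
            cur = Process(image=line)
            continue
        if m := DEPTH_RE.match(line):
            cur.depth = int(m.group(1))
        elif m := PID_RE.match(line):
            cur.pid = int(m.group(1))
            procs.append(cur)
            cur = None
        elif line.startswith("•"):           # signature fired by this process
            cur.signatures.append(line[1:].strip())
        elif not cur.cmdline:                # second line of a record: the command line
            cur.cmdline = line
        else:
            raise ValueError(f"unexpected line in process block: {line!r}")
    if cur is not None:
        raise ValueError(f"record for {cur.image!r} has no PID line")
    return procs


def basename(path):
    """Case-folded file name of a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def attributed_to(procs, image_name):
    """Signatures fired by processes whose image file name matches (case-insensitive)."""
    return [s for p in procs if basename(p.image) == image_name.lower() for s in p.signatures]


def triage_summary(procs, target_image):
    """What the submitted target did itself versus what other processes did."""
    target = target_image.lower()
    return {
        "target": target_image,
        "target_pids": [p.pid for p in procs if basename(p.image) == target],
        "signatures_on_target": attributed_to(procs, target_image),
        "signatures_elsewhere": {
            f"{basename(p.image)} (PID {p.pid})": list(p.signatures)
            for p in procs
            if p.signatures and basename(p.image) != target
        },
        "root_pids": [p.pid for p in procs if p.depth == 1],
    }


if __name__ == "__main__":
    procs = parse_process_block(REPORT_PROCESSES)
    for p in procs:
        print(f"PID {p.pid:<5} depth {p.depth}  {p.image}  [{len(p.signatures)} signatures]")
    print(triage_summary(procs, "launch.exe"))
```

Run against the block above, the summary reports no signatures on launch.exe (PID 3500), all four on winword.exe (PID 2680), and three root processes, since every record carries `1⤵`; the parser raises rather than guessing if a record lacks its `PID:` line or contains a line it does not recognise.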

      Network

      • [US] DNS: g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • [US] GET
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lHPv_wp5_EQ1q5MLkkCfFjVUCUwckUQQXD0BdF9dMkfkN5dbDvf3DeQ2iRIkFKrUjYHfPyO_eOVK3LuYAcoP8Drp9D59HdPGu0jl5o8OzMw8_bqmueC0F3gkKPx3iv0zAa8rL8gZlcVa3i3ltNsr0xtnhauXeKinkJliUj6-Y2vQIlOm%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D853137b3ad751ebe1e065198022ed86f&TIME=20240426T134321Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lHPv_wp5_EQ1q5MLkkCfFjVUCUwckUQQXD0BdF9dMkfkN5dbDvf3DeQ2iRIkFKrUjYHfPyO_eOVK3LuYAcoP8Drp9D59HdPGu0jl5o8OzMw8_bqmueC0F3gkKPx3iv0zAa8rL8gZlcVa3i3ltNsr0xtnhauXeKinkJliUj6-Y2vQIlOm%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D853137b3ad751ebe1e065198022ed86f&TIME=20240426T134321Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=19C13D03125C6E6C278B296D13E76F45; domain=.bing.com; expires=Thu, 22-May-2025 03:38:46 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 7B8EBF78C16847349B24ACB57E8A12AE Ref B: LON04EDGE0820 Ref C: 2024-04-27T03:38:46Z
        date: Sat, 27 Apr 2024 03:38:45 GMT
      • [US] GET
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lHPv_wp5_EQ1q5MLkkCfFjVUCUwckUQQXD0BdF9dMkfkN5dbDvf3DeQ2iRIkFKrUjYHfPyO_eOVK3LuYAcoP8Drp9D59HdPGu0jl5o8OzMw8_bqmueC0F3gkKPx3iv0zAa8rL8gZlcVa3i3ltNsr0xtnhauXeKinkJliUj6-Y2vQIlOm%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D853137b3ad751ebe1e065198022ed86f&TIME=20240426T134321Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lHPv_wp5_EQ1q5MLkkCfFjVUCUwckUQQXD0BdF9dMkfkN5dbDvf3DeQ2iRIkFKrUjYHfPyO_eOVK3LuYAcoP8Drp9D59HdPGu0jl5o8OzMw8_bqmueC0F3gkKPx3iv0zAa8rL8gZlcVa3i3ltNsr0xtnhauXeKinkJliUj6-Y2vQIlOm%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D853137b3ad751ebe1e065198022ed86f&TIME=20240426T134321Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=19C13D03125C6E6C278B296D13E76F45; _EDGE_S=SID=1D8FD8B3D31464FF0283CCDDD2BE6525
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=YdMvgr8oBAQ496U015RwBKVBL_bZ7amI6knosh9D9VQ; domain=.bing.com; expires=Thu, 22-May-2025 03:38:46 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 572DA4EB7307493CB86E144755CE1238 Ref B: LON04EDGE0820 Ref C: 2024-04-27T03:38:46Z
        date: Sat, 27 Apr 2024 03:38:46 GMT
      • [NL] GET
        https://www.bing.com/aes/c.gif?RG=95a7ed1a1de14f89920b7bb1ec62c72d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134321Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
        Remote address:
        23.62.61.97:443
        Request
        GET /aes/c.gif?RG=95a7ed1a1de14f89920b7bb1ec62c72d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134321Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038 HTTP/2.0
        host: www.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=19C13D03125C6E6C278B296D13E76F45
        Response
        HTTP/2.0 200
        cache-control: private,no-store
        pragma: no-cache
        vary: Origin
        p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: AFD51E3EF4894E0199376147F742AD77 Ref B: DUS30EDGE0907 Ref C: 2024-04-27T03:38:46Z
        content-length: 0
        date: Sat, 27 Apr 2024 03:38:46 GMT
        set-cookie: _EDGE_S=SID=1D8FD8B3D31464FF0283CCDDD2BE6525; path=/; httponly; domain=bing.com
        set-cookie: MUIDB=19C13D03125C6E6C278B296D13E76F45; path=/; httponly; expires=Thu, 22-May-2025 03:38:46 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.5d3d3e17.1714189126.125e8f79
      • [US] DNS: 237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • [US] DNS: 97.61.62.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        97.61.62.23.in-addr.arpa
        IN PTR
        Response
        97.61.62.23.in-addr.arpa
        IN PTR
        a23-62-61-97.deploy.static.akamaitechnologies.com
      • [US] DNS: 88.156.103.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.156.103.20.in-addr.arpa
        IN PTR
        Response
      • [US] DNS: 13.179.89.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.179.89.13.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.237:443
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lHPv_wp5_EQ1q5MLkkCfFjVUCUwckUQQXD0BdF9dMkfkN5dbDvf3DeQ2iRIkFKrUjYHfPyO_eOVK3LuYAcoP8Drp9D59HdPGu0jl5o8OzMw8_bqmueC0F3gkKPx3iv0zAa8rL8gZlcVa3i3ltNsr0xtnhauXeKinkJliUj6-Y2vQIlOm%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D853137b3ad751ebe1e065198022ed86f&TIME=20240426T134321Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
        tls, http2; 2.5kB sent, 9.0kB received; 19 packets out, 17 in

        HTTP Request

        GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lHPv_wp5_EQ1q5MLkkCfFjVUCUwckUQQXD0BdF9dMkfkN5dbDvf3DeQ2iRIkFKrUjYHfPyO_eOVK3LuYAcoP8Drp9D59HdPGu0jl5o8OzMw8_bqmueC0F3gkKPx3iv0zAa8rL8gZlcVa3i3ltNsr0xtnhauXeKinkJliUj6-Y2vQIlOm%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D853137b3ad751ebe1e065198022ed86f&TIME=20240426T134321Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lHPv_wp5_EQ1q5MLkkCfFjVUCUwckUQQXD0BdF9dMkfkN5dbDvf3DeQ2iRIkFKrUjYHfPyO_eOVK3LuYAcoP8Drp9D59HdPGu0jl5o8OzMw8_bqmueC0F3gkKPx3iv0zAa8rL8gZlcVa3i3ltNsr0xtnhauXeKinkJliUj6-Y2vQIlOm%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D853137b3ad751ebe1e065198022ed86f&TIME=20240426T134321Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

        HTTP Response

        204
      • 23.62.61.97:443
        https://www.bing.com/aes/c.gif?RG=95a7ed1a1de14f89920b7bb1ec62c72d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134321Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
        tls, http2; 1.5kB sent, 5.4kB received; 17 packets out, 12 in

        HTTP Request

        GET https://www.bing.com/aes/c.gif?RG=95a7ed1a1de14f89920b7bb1ec62c72d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134321Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038

        HTTP Response

        200
      • 8.8.8.8:53
        g.bing.com
        dns; 56 B sent, 151 B received; 1 packet out, 1 in

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns; 73 B sent, 143 B received; 1 packet out, 1 in

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        97.61.62.23.in-addr.arpa
        dns; 70 B sent, 133 B received; 1 packet out, 1 in

        DNS Request

        97.61.62.23.in-addr.arpa

      • 8.8.8.8:53
        88.156.103.20.in-addr.arpa
        dns; 72 B sent, 158 B received; 1 packet out, 1 in

        DNS Request

        88.156.103.20.in-addr.arpa

      • 8.8.8.8:53
        13.179.89.13.in-addr.arpa
        dns; 71 B sent, 145 B received; 1 packet out, 1 in

        DNS Request

        13.179.89.13.in-addr.arpa
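The sandbox reverse-resolves every remote address it sees, so the PTR queries above are an inventory of contacted IPs that is independent of the HTTP log. Inverting the `in-addr.arpa` names and matching them against the A-record answers and the HTTP remote addresses shows which contacted IPs the rest of this report accounts for and which it does not. This is an added example for this page, not the sandbox's own tooling; the data below is typed in from the Network section above (the Akamai PTR answer written in its dotted form), `correlate`, `unexplained_remotes` and `shell_telemetry_flows` are names chosen here, and the user-agent heuristic in the last function is an assumption rather than something the report states.

```python
import ipaddress
import re

# Typed in from the Network section of this report (constructed data; nothing
# is fetched). PTR_ANSWERS holds the one reverse lookup that got an answer.
PTR_QUERIES = [
    "237.197.79.204.in-addr.arpa",
    "97.61.62.23.in-addr.arpa",
    "88.156.103.20.in-addr.arpa",
    "13.179.89.13.in-addr.arpa",
]
PTR_ANSWERS = {"97.61.62.23.in-addr.arpa": "a23-62-61-97.deploy.static.akamaitechnologies.com"}
FORWARD_ANSWERS = {"g.bing.com": ["204.79.197.237", "13.107.21.237"]}
HTTP_FLOWS = [  # (host header, remote address, user-agent)
    ("g.bing.com", "204.79.197.237:443", "WindowsShellClient/9.0.40929.0 (Windows)"),
    ("g.bing.com", "204.79.197.237:443", "WindowsShellClient/9.0.40929.0 (Windows)"),
    ("www.bing.com", "23.62.61.97:443", "WindowsShellClient/9.0.40929.0 (Windows)"),
]

IN_ADDR = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$")


def ptr_to_ip(name):
    """Invert an IPv4 reverse-pointer name back to the address that was looked up."""
    name = name.strip().rstrip(".")
    m = IN_ADDR.match(name)
    if not m:
        raise ValueError(f"not an IPv4 in-addr.arpa name: {name!r}")
    ip = ".".join(reversed(m.groups()))
    # The stdlib must rebuild exactly the name we parsed; this also rejects octets > 255.
    if ipaddress.ip_address(ip).reverse_pointer != name:
        raise ValueError(f"{name!r} is not a canonical reverse pointer")
    return ip


def correlate(ptr_queries, forward_answers, http_flows, ptr_answers=None):
    """For each reverse-resolved IP, list what else in the report accounts for it."""
    ptr_answers = ptr_answers or {}
    resolved = {ip: host for host, ips in forward_answers.items() for ip in ips}
    contacted = {}
    for host, remote, _ua in http_flows:
        contacted.setdefault(remote.rsplit(":", 1)[0], set()).add(host)
    report = {}
    for q in ptr_queries:
        ip = ptr_to_ip(q)
        evidence = []
        if ip in resolved:
            evidence.append(f"A record for {resolved[ip]}")
        if ip in contacted:
            evidence.append("HTTP to " + ", ".join(sorted(contacted[ip])))
        # A PTR answer names the owner but does not explain why the IP was contacted,
        # so it is kept separate from the evidence list.
        report[ip] = {"evidence": evidence, "ptr": ptr_answers.get(q)}
    return report


def unexplained_remotes(report):
    """IPs that were reverse-resolved but that no forward answer or HTTP flow explains."""
    return sorted(ip for ip, info in report.items() if not info["evidence"])


def shell_telemetry_flows(http_flows):
    """Heuristic (an assumption, not from the report): WindowsShellClient/* requests to
    bing.com hosts are the Windows shell's own traffic and should not be credited to the
    sample unless something ties them to its PID."""
    return [
        (host, remote) for host, remote, ua in http_flows
        if ua.startswith("WindowsShellClient/") and (host == "bing.com" or host.endswith(".bing.com"))
    ]


if __name__ == "__main__":
    rep = correlate(PTR_QUERIES, FORWARD_ANSWERS, HTTP_FLOWS, PTR_ANSWERS)
    for ip, info in rep.items():
        print(ip, info["evidence"] or "UNEXPLAINED", info["ptr"] or "")
    print("shell telemetry:", shell_telemetry_flows(HTTP_FLOWS))
```

Run against this report's data, 204.79.197.237 is covered by both the g.bing.com A record and the two HTTP requests, 23.62.61.97 only by the www.bing.com request, and 20.103.156.88 and 13.89.179.13 by nothing else on the page: they were contacted and reverse-resolved, but whatever was sent to them is not in the HTTP list. All three listed HTTP requests carry the WindowsShellClient/9.0.40929.0 (Windows) user-agent and go to bing.com, and the report does not attribute them to a PID, so treat them as shell background traffic unless something ties them to PID 3500.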

      MITRE ATT&CK Enterprise v15


      Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
        Filesize 202B
        MD5    4566d1d70073cd75fe35acb78ff9d082
        SHA1   f602ecc057a3c19aa07671b34b4fdd662aa033cc
        SHA256 fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0
        SHA512 b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8

      Memory dumps, all taken from PID 2680 (WINWORD.EXE). Three regions recur: 0x00007FFB02870000-0x00007FFB02A65000 (2.0MB), 0x00007FFAC28F0000-0x00007FFAC2900000 (64KB) and 0x00007FFAC02C0000-0x00007FFAC02D0000 (64KB).

      • memory/2680-14-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-57-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp (64KB)
      • memory/2680-3-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp (64KB)
      • memory/2680-4-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp (64KB)
      • memory/2680-13-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-8-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-7-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-10-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-11-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-12-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-15-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-16-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-1-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp (64KB)
      • memory/2680-17-0x00007FFAC02C0000-0x00007FFAC02D0000-memory.dmp (64KB)
      • memory/2680-5-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-19-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-20-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-22-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-21-0x00007FFAC02C0000-0x00007FFAC02D0000-memory.dmp (64KB)
      • memory/2680-18-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-9-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-6-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
      • memory/2680-2-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp (64KB)
      • memory/2680-0-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp (64KB)
      • memory/2680-58-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp (64KB)
      • memory/2680-56-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp (64KB)
      • memory/2680-59-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp (64KB)
      • memory/2680-60-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp (2.0MB)
