Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
27-04-2024 11:21
General
-
Target
Launcher.exe
-
Size
13.5MB
-
MD5
06701fa4d6207ae762d2a0768d2411d7
-
SHA1
6738f73aa130290e24f1c4c3901fe2db69b3d0f7
-
SHA256
bdc8739dd47fcd769493c2d8a8ef4aab573716471f5699660096623cde62e4ed
-
SHA512
d6758e008bfc0407ada2cfe0caf295dedaa2f821a2ae15620f5ec6feebbd351b3ccf40c59e72487aead7699bfaa3e2fae0440ad1cd953a88be23978e4d9ba51a
-
SSDEEP
393216:+SGRf+y4374G4T5h2IIIIIQA6EopCr3HwEQ:1GRm785TTRr3m
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 17 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 45 IoCs
-
Suspicious behavior: EnumeratesProcesses 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Launcher.exe"C:\Users\Admin\AppData\Local\Temp\Launcher.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://astrotrainers.com/index.php?/topic/2-how-to-request-your-game/#comment-72⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8BB34D7AC6ADCC019FE5325FE9DECAE8Filesize
471B
MD50b7b564442b01b352fdf65fe199b8b13
SHA1eb6d4c0bdbd3a80c030a504a684dc6356c4ec428
SHA2568df4fa024b1b937df4b6f9dee14d18eaa059fa8ed233b3697f1b4ad5846bb82d
SHA5120b13c7d1ec97e9a864cfcd616517d28f041fd079d8f504548c4c15848e903492c75bd8c508636834069c416d6da14e293513931f8776c483fb8663dd5a3aa881
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD5dc32700678706db3afa839e28487deb1
SHA1821e147856d44c83848b558b9ad7653db15d8c65
SHA256aeeae8df803bbc9c3e77673d596c10fcc0aa7b214861c540d10d978450d18945
SHA512108edd984371ac13597b058d79d72a407ac107beab04dff6851fd72d523ec6baef601103f3fdeda88d62e186387aad22f66affaa8fc87c4d08cd750fd6a96d7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD58296c0d474e76fc17cbd30274ccd92b6
SHA16e2660967a0a6edf1aeace899f434744f3618c34
SHA2561bdedcafd71d519bbcaaa9312ab13b03e9b60bb3d3fd4741e732d16018434928
SHA512ee5c0e286861274a878dd4927e5a81e27119620dcc23d40edc674e2d8419d00f11acacf08a9e00815974aa0f2410f294c54ace3c80bb7feff4d2c1b932bc472d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD530cec7fac3074fc4bde84b57ac4e5611
SHA18b1b5d05d2e66cda5647b0572d22ad4825b622e2
SHA256c99102c36343327c1b991037986188c457f71d63043614100afda3db5d7391f6
SHA512ea69da0b2332ac97892e567f6d65f05feda85595f258b1056f641454a1db63715cffdc8fc44f9665621458344ccd3eaa12c587149386c4d05f101150cbe40130
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD5cedcc4e17eaebbe21108ccc46282b466
SHA1b6e1fa9055a36db4081b35938936bb7695978ca6
SHA25666bddfb815201583d6cf5ad42e098df43e658e392d05a65dfca86e7003621a93
SHA512b800bc71a74605c7f48e774eacec03382e3441de02a71958c3dc959d7a3bb635b5880d594f2e16e84fcdaa150cb92b4246aaf7a59c85015214552c3c56ba71f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD5f5e5dd00ba0aa709e8eda46195c38fde
SHA15b1930bf8835b534a425ced2929874931799112b
SHA256ecd1226326eb0147574b6cd23d7fcdae0d16db5b9c2bada9ecea4324997405cf
SHA5120c084dbc18f92a04cf6015d4d252db4973ad266df912082060944f2a37e9effc38f226673f547d7ef8e87cc202de23ed22255a864b4ed3f4028a9cf1ea92b576
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD5cde535bcfe28ee2b76797c3f4cf48031
SHA1ff91152a8ded40e612b52dddf6728ca97c11cc45
SHA256a787241c0fdaa25996c8b62507bd8a8939ed9cd3e935fb95a30efccb83b15c5b
SHA512b92b4a91dabf99ebbff777ee234efe08abec268d770a2532b1d796e1d0cd8dcf33c417ea31ceafd2fd0d2e31500f04acb37206ea9a562e6b0c7f142786677767
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD5c2af28768a413f3c4d16a5c62fcf17e4
SHA1deba30005482e561ba647bbcc25a1d334e30fb71
SHA25600b3926a0d540c9eb012b6bf2fa5fad8feca1a27c036cda05ffd6829bc6a523d
SHA512c623d9ba970de22973266f4bd55b48f9e88d73938356209bd8dd30914d8f2c987520048d3742cbc67f38a1359479d1c596baf18f26cf88e1ce41f1479903c4d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD5da088ae1098945eb3e5770f2d3376039
SHA1630f44b22314786d4710db6d840efed79755f1ed
SHA2561801856fdef878265aa3975b078eff952db3d5e3fdad55b2eb836ffd222b070f
SHA512f82d91aa046bd6af4def975c4538321d0c05f7d43000946332251fa030048ae756d479b63971b34af6684bc94c0e139fe3bab2933b55ea4d18f7e34efe51c1b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD5a3bf416cb881065bd2e62150e112ea8b
SHA16b38657435674613993bf44cd3aa1ba6f0a0c052
SHA2568cf545f7866a8e8343b1f82d6bf92bef594fa0c51eed3882881d859b8e437c8d
SHA512ef298e357ff2f5780f9f5db547f10958820c2239787dec0b970e2cb69e5df3e628663526240f1912def2bfaca96e19232513d38e78e4636a1f338374af6865f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD5debf5a0338051382fc9a8319805d3825
SHA1607bdf552d225a6f6ebf32b7038656b4059ae9e3
SHA256915e5bbc9cc2ff85882c8051df119974f97124c5510cd50d721a35278e6280ce
SHA51204d0d77344ac26bb73480434edb52d2b0698f72f08b81b1d8de55c712e407ec3d3559782e57f24a1a283ce8b74b5099ff7ec53f381ae837a6a80411ddee4c858
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD550353b813a652bb350567426ed47d346
SHA1237dd25918738d0df65c5abae3001eed7af0123f
SHA256a3dddab45bc7e275c79378032753eaf7ae92e308b5054aada3973d34b56ae4b5
SHA512540db5c1916ddc5677fd7fc63e5dce7a9a3ba637a68347980197097263981d36239cdb6e8052a83a6f5bdc74bfd364cbef616424b1522bc5ee31f6948edf9e71
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5492a0746b57508af65d0f049373b8e6c
SHA18aec9f8dc8349ad6f37c056353cadc16effd1067
SHA256d06af5c30a8921da2e9bf4aecab90ebb3db3bb448ee41c35c1b6ad9c807e86ca
SHA512ba47f3c01d0535de6be3dbdef525e310a2c2a5b240697ddd351382870b457f6c0a0499a674fe102d37021fe18e75062df3dfe9f3f3680d608f5adda14c167bba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8BB34D7AC6ADCC019FE5325FE9DECAE8Filesize
422B
MD522a18ed66f529208ee67cd7bac893cf5
SHA17396460d427396a74577ac6f9c4ab8ca538ddd36
SHA256a26f1b303e49581e39a6d56dd8cdbbc81ed6225e0eb902209c4bbaa1956db3ac
SHA512439a79f8521ddf46f0740a36c2fe1480624c15d18e19fa4173f501e8e420dc75325fcc4e6e8d9e6fee9d3d14dfc64a8703239016b7547708b09d3b2db9e6cb05
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\f[1].txtFilesize
178KB
MD50792107632e2e233f52b94e2c4052eea
SHA19aaba34a6b301a5caf5c6d209733052511fb2a07
SHA2562e0bcfa80c17020f4554c246c67d34783ba3ced4d1485642dc7c4b3f4af3abfe
SHA5122ca1e8c9e4a18e1a60c546732decc6432c61ec90582ab38164528df58122da54fabecfa6a977c3774fc10d40e30d514f4db4d6ebbcb94a787d240fb40e8c2993
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\1063841426_Myproject-1(2).png.29cf6c5bb906feb80e66f44b7216097b[1].pngFilesize
86KB
MD5779d6cf8739deeb7ebd4ea03cb0a6400
SHA19dbe38277617ebff9007bd5e03d83df59a578077
SHA2569c4b0e8f9d82da96a3e8686330bec807892b905ea391a7798f2b4f9f1ed7bfc1
SHA512ff2d7fb29ccce1b171d614849deea435252c8051f54988ed132e2928ec712e118d3eb9b6179d0719774f9bafa242842dca328f6ba526c4293101abc1476470da
-
C:\Users\Admin\AppData\Local\Temp\CabD895.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\CabD955.tmpFilesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\Local\Temp\TarD898.tmpFilesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
C:\Users\Admin\AppData\Local\Temp\TarD979.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
C:\Users\Admin\AppData\Local\Temp\~DF08D94BCA204D049E.TMPFilesize
16KB
MD5f6cb8f9f0573cc8b36e81cf6b314af25
SHA1d7cba9816330f829c597a64b93670ab0342f0da0
SHA256d2c10e2323bfcca41ec086db277abfad61e1e30a1215a48e99385f3901622659
SHA512a17b3fb32f3085b56b99e9192ff91a7f0eb1b017c6f40b4bc60f8b91caa1cb343c0bb47032a83724e0fbf52c24e9f2617a2c4977ee7c549d3ab7df0d67b60f0f
-
memory/1888-18-0x000000001D5E0000-0x000000001D5FA000-memory.dmpFilesize
104KB
-
memory/1888-21-0x000000001CE30000-0x000000001CE38000-memory.dmpFilesize
32KB
-
memory/1888-25-0x000000001E300000-0x000000001E31E000-memory.dmpFilesize
120KB
-
memory/1888-29-0x000007FEF5D50000-0x000007FEF673C000-memory.dmpFilesize
9.9MB
-
memory/1888-30-0x000000001C470000-0x000000001C4F0000-memory.dmpFilesize
512KB
-
memory/1888-31-0x000000001C470000-0x000000001C4F0000-memory.dmpFilesize
512KB
-
memory/1888-32-0x000000001C470000-0x000000001C4F0000-memory.dmpFilesize
512KB
-
memory/1888-34-0x000000001CD50000-0x000000001CD5A000-memory.dmpFilesize
40KB
-
memory/1888-36-0x000000001E330000-0x000000001E344000-memory.dmpFilesize
80KB
-
memory/1888-37-0x000000001E540000-0x000000001E54E000-memory.dmpFilesize
56KB
-
memory/1888-38-0x000000001E550000-0x000000001E55E000-memory.dmpFilesize
56KB
-
memory/1888-39-0x0000000020E50000-0x0000000020E80000-memory.dmpFilesize
192KB
-
memory/1888-40-0x0000000021770000-0x00000000217F6000-memory.dmpFilesize
536KB
-
memory/1888-41-0x000000001E320000-0x000000001E326000-memory.dmpFilesize
24KB
-
memory/1888-42-0x0000000021800000-0x0000000021808000-memory.dmpFilesize
32KB
-
memory/1888-43-0x00000000282D0000-0x00000000283DA000-memory.dmpFilesize
1.0MB
-
memory/1888-44-0x000000001C470000-0x000000001C4F0000-memory.dmpFilesize
512KB
-
memory/1888-45-0x00000000232A0000-0x00000000232A6000-memory.dmpFilesize
24KB
-
memory/1888-47-0x000000001C470000-0x000000001C4F0000-memory.dmpFilesize
512KB
-
memory/1888-23-0x000000001DFC0000-0x000000001DFCA000-memory.dmpFilesize
40KB
-
memory/1888-22-0x000000001E2B0000-0x000000001E2D6000-memory.dmpFilesize
152KB
-
memory/1888-24-0x000000001E2E0000-0x000000001E2F4000-memory.dmpFilesize
80KB
-
memory/1888-20-0x000000001DEF0000-0x000000001DEF8000-memory.dmpFilesize
32KB
-
memory/1888-19-0x000000001DE30000-0x000000001DE3A000-memory.dmpFilesize
40KB
-
memory/1888-0-0x000007FEF5D50000-0x000007FEF673C000-memory.dmpFilesize
9.9MB
-
memory/1888-17-0x000000001DE00000-0x000000001DE2C000-memory.dmpFilesize
176KB
-
memory/1888-14-0x000000001E250000-0x000000001E2AA000-memory.dmpFilesize
360KB
-
memory/1888-13-0x000000001C470000-0x000000001C4F0000-memory.dmpFilesize
512KB
-
memory/1888-12-0x000000001C460000-0x000000001C470000-memory.dmpFilesize
64KB
-
memory/1888-11-0x000000001C470000-0x000000001C4F0000-memory.dmpFilesize
512KB
-
memory/1888-10-0x000000001CB10000-0x000000001CC52000-memory.dmpFilesize
1.3MB
-
memory/1888-9-0x000000001C430000-0x000000001C45A000-memory.dmpFilesize
168KB
-
memory/1888-8-0x000000001BFA0000-0x000000001BFBE000-memory.dmpFilesize
120KB
-
memory/1888-7-0x0000000000C20000-0x0000000000C30000-memory.dmpFilesize
64KB
-
memory/1888-6-0x000000001B8B0000-0x000000001B8C8000-memory.dmpFilesize
96KB
-
memory/1888-5-0x000000001C4F0000-0x000000001C54A000-memory.dmpFilesize
360KB
-
memory/1888-4-0x0000000000E90000-0x0000000000EB0000-memory.dmpFilesize
128KB
-
memory/1888-3-0x0000000000CD0000-0x0000000000CF0000-memory.dmpFilesize
128KB
-
memory/1888-2-0x000000001C470000-0x000000001C4F0000-memory.dmpFilesize
512KB
-
memory/1888-821-0x000000001C470000-0x000000001C4F0000-memory.dmpFilesize
512KB
-
memory/1888-822-0x000000001C470000-0x000000001C4F0000-memory.dmpFilesize
512KB
-
memory/1888-823-0x000000001C470000-0x000000001C4F0000-memory.dmpFilesize
512KB
-
memory/1888-1-0x00000000012D0000-0x000000000204A000-memory.dmpFilesize
13.5MB
-
memory/1888-829-0x000007FEF5D50000-0x000007FEF673C000-memory.dmpFilesize
9.9MB
