d294856177658df0159cfe937e5ea95a8ee8a2ca85754d897aea3bb5d0d962c0 | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04-05-2024 13:12

Sharing

Report Analysis Logs

General

Target

CrackLauncher.exe
Size

102KB
MD5

c137c5f5287d73a94d55bc18df238303
SHA1

95b4b01775bea14feaaa462c98d969eb81696d2c
SHA256

d294856177658df0159cfe937e5ea95a8ee8a2ca85754d897aea3bb5d0d962c0
SHA512

ba595d185ae98152658ce95964fd6bcce7e970896b0b1c674a142d126cf0433094debcd25527d9b4f5a6568cc5a8a42aeaef536166748eea3973f8b694564aa5
SSDEEP

3072:+5OYpgK2+49WqfOIbA099oey1r45340VJ:+jpgFP9W+bAWoesrU40

Score

1^/10

Malware Config

Signatures

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\discord-1199748644409184347\shell	CrackLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\discord-1199748644409184347\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrackLauncher.exe"	CrackLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\discord-1199748644409184347	CrackLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\discord-1199748644409184347\URL Protocol	CrackLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\discord-1199748644409184347\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrackLauncher.exe"	CrackLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\discord-1199748644409184347\shell\open\command	CrackLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\discord-1199748644409184347\shell\open	CrackLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\discord-1199748644409184347\ = "URL:Run game 1199748644409184347 protocol"	CrackLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\discord-1199748644409184347\DefaultIcon	CrackLauncher.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 3012	2996	CrackLauncher.exe	29
PID 2996 wrote to memory of 3012	2996	CrackLauncher.exe	29
PID 2996 wrote to memory of 3012	2996	CrackLauncher.exe	29

C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\CrackLauncher.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads