Overview

overview

7

Static

static

1

TLauncher-....7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    88s
  • max time network
    89s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-Installer-1.3.7.exe

  • Size

    23.0MB

  • MD5

    fefa077f58a4efb4f4e71e9a296cd25d

  • SHA1

    9613b235524ba675373f0698d6e3b5ff092b8e53

  • SHA256

    9d95e947dbd2a170fa8900a06982f361deeb55012ed8b4087ccc9bc188c25cab

  • SHA512

    303661182c6309a0752c999dc4465755467756153efd3fa715d64ef1d7be8196dc92e636d3a838175f938e1e89fd0adc5c4ea9a246fd73bd0af790a9e166502c

  • SSDEEP

    393216:Z25Kw30exBRZjQ5+LTc2rr6of5MJ7ZWqxPAIgtMIMlFRqWM/DX9QMIuLLf0a+jVg:kKwEqZc+LtrrKJBH5lFRqlDYkLf0a0VG

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 24 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3744
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe" "__IRCT:3" "__IRTSS:24078146" "__IRSID:S-1-5-21-3906287020-2915474608-1755617787-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:1060
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2204

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
    Filesize

    116KB

    MD5

    e043a9cb014d641a56f50f9d9ac9a1b9

    SHA1

    61dc6aed3d0d1f3b8afe3d161410848c565247ed

    SHA256

    9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

    SHA512

    4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
    Filesize

    1.6MB

    MD5

    83a8f0546164c9ba1a248acedefd6e5d

    SHA1

    7652f353ed74015e7e78bc9f9e305a48d336b6d1

    SHA256

    e7c5072ec60d32022b3c818c527ad86f4985837a4f0e9fc6477f54ae86d9f1c9

    SHA512

    111d11acdaef0036ff5cabeb16ed55bf4c681fa6eb3c006af450a0ebadae3e213a8f3abb0f4a9aecc8e893af7a79b4eb7f74a5fc3743e338c3e3136b5d7f9f2d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
    Filesize

    1.7MB

    MD5

    dabd469bae99f6f2ada08cd2dd3139c3

    SHA1

    6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

    SHA256

    89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

    SHA512

    9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
    Filesize

    97KB

    MD5

    da1d0cd400e0b6ad6415fd4d90f69666

    SHA1

    de9083d2902906cacf57259cf581b1466400b799

    SHA256

    7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

    SHA512

    f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    1.2MB

    MD5

    a14411ca54ffb3b223c21c63a784409b

    SHA1

    33050df5397e5a44169cf0cd702d776269233f36

    SHA256

    1c830be41a2d969da6e8e889a1ae23fc41594d5323520e5a39de7f2c32c5dc5b

    SHA512

    0bc34e8d826e3e026068c52c41eb4617e9bff553c675ff45c525ac4210b6cf878267fdfb4b6796d4de4dad2e8145eb3dd98220ee01957bd3e839e9f8a8d4bba7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
    Filesize

    325KB

    MD5

    c333af59fa9f0b12d1cd9f6bba111e3a

    SHA1

    66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

    SHA256

    fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

    SHA512

    2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

    Download Submit

  • memory/1060-613-0x00000000002D0000-0x00000000006B9000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/1060-597-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1060-598-0x0000000003030000-0x0000000003033000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1060-614-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1060-14-0x00000000002D0000-0x00000000006B9000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2204-629-0x0000022596A80000-0x0000022596A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-628-0x0000022596A80000-0x0000022596A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-627-0x0000022596A80000-0x0000022596A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-639-0x0000022596A80000-0x0000022596A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-638-0x0000022596A80000-0x0000022596A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-637-0x0000022596A80000-0x0000022596A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-636-0x0000022596A80000-0x0000022596A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-635-0x0000022596A80000-0x0000022596A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-634-0x0000022596A80000-0x0000022596A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-633-0x0000022596A80000-0x0000022596A81000-memory.dmp

    Filesize

    4KB

    Download