Analysis

max time kernel: 131s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-05-2024 23:41
Static task: static1

Behavioral tasks (sample, resource):
behavioral1: Launcher!_x32_x64.exe, win7-20240221-en
behavioral2: Launcher!_x32_x64.exe, win10v2004-20240508-en
behavioral3: dll/Qt5Gui.dll, win7-20240220-en
behavioral4: dll/Qt5Gui.dll, win10v2004-20240508-en
behavioral5: dll/Qt5Widgets.dll, win7-20240221-en
behavioral6: dll/Qt5Widgets.dll, win10v2004-20240226-en
behavioral7: dll/directX.dll, win7-20240508-en
behavioral8: dll/directX.dll, win10v2004-20240508-en
behavioral9: dll/msssvcr120.dll, win7-20240220-en
behavioral10: dll/msssvcr120.dll, win10v2004-20240426-en
behavioral11: dll/suppID.dll, win7-20240221-en
behavioral12: dll/suppID.dll, win10v2004-20240508-en
General

Target: Launcher!_x32_x64.exe
Size: 26.6MB
MD5: 17587a2c5eff748c7dfd479c0dbe28b0
SHA1: 2e492fba4e72f657a26e00e1c7e6f87d1ebae35b
SHA256: 92c7f9d9db4fb88571c963b4134f080754b0f5706a4560637f88a7dc9a3770e6
SHA512: c2ec5bbf1b469f35f7beb8c55058d89ee625e8f40b3324ec8b86678506596464f44d06bae27000bc4c7f62c0c317343faef4cee35ff8bfc48d3b982f511355c1
SSDEEP: 98304:lmaxuB4T6qZXp5DH5+3cZthmlaPOSertJrtktFE5uUNkViUf/AiE0vIYoCOCv21s:w2pD0cZYaLer6FE5uUEiUfYvDYjOCYRQ
Malware Config

Extracted: lumma
Signatures

- Suspicious use of SetThreadContext (1 IoC)
  Processes (description, pid, process, target process):
  PID 1688 set thread context of 316: Launcher!_x32_x64.exe -> BitLockerToGo.exe
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes (description, pid, process, target process):
  PID 1688 wrote to memory of 316: Launcher!_x32_x64.exe -> BitLockerToGo.exe (5 identical events)
Processes

1. C:\Users\Admin\AppData\Local\Temp\Launcher!_x32_x64.exe (PID 1688)
   Command line: "C:\Users\Admin\AppData\Local\Temp\Launcher!_x32_x64.exe"
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe (PID 316)
      Command line: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe