Analysis
-
max time kernel
146s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
14-06-2024 15:57
Static task
static1
Behavioral task
behavioral1
Sample
LegacyLauncher_Installer_legacy.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
LegacyLauncher_Installer_legacy.exe
Resource
win10v2004-20240508-en
General
-
Target
LegacyLauncher_Installer_legacy.exe
-
Size
112.3MB
-
MD5
53eea8664d54198e1989301b12f795da
-
SHA1
00bddca8bba387a76d6f18fc942859acf9ff5a60
-
SHA256
a7c997ba3c3e91c048f80f96f08754948428f6d3fe4001bab79c4ae09d06c5e0
-
SHA512
e05bd2e369b19b818f715a14ceb2c35b2f8409e5524d347d3093ef82667675bf719af17ab77412156aa62748aa17572d622b163bb6d187d917282f49e56ff831
-
SSDEEP
3145728:kNS0yY1k/bQS8yJQZI3XeKBPKi2O3hE4AGzUVeQgnFV:koqcQ+3XHD2OxEfPQQgnFV
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
LegacyLauncher_Installer_legacy.tmppid process 1496 LegacyLauncher_Installer_legacy.tmp -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
LegacyLauncher_Installer_legacy.exedescription pid process target process PID 4736 wrote to memory of 1496 4736 LegacyLauncher_Installer_legacy.exe LegacyLauncher_Installer_legacy.tmp PID 4736 wrote to memory of 1496 4736 LegacyLauncher_Installer_legacy.exe LegacyLauncher_Installer_legacy.tmp PID 4736 wrote to memory of 1496 4736 LegacyLauncher_Installer_legacy.exe LegacyLauncher_Installer_legacy.tmp
Processes
-
C:\Users\Admin\AppData\Local\Temp\LegacyLauncher_Installer_legacy.exe"C:\Users\Admin\AppData\Local\Temp\LegacyLauncher_Installer_legacy.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4736 -
C:\Users\Admin\AppData\Local\Temp\is-VORJ8.tmp\LegacyLauncher_Installer_legacy.tmp"C:\Users\Admin\AppData\Local\Temp\is-VORJ8.tmp\LegacyLauncher_Installer_legacy.tmp" /SL5="$C0054,115841256,1202688,C:\Users\Admin\AppData\Local\Temp\LegacyLauncher_Installer_legacy.exe"2⤵
- Executes dropped EXE
PID:1496
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4016,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:81⤵PID:1584
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.4MB
MD507b96c2d1823a0a548832c1062799d85
SHA165a35826b0e6d93700256fd8a4710cc039bd7b8d
SHA256c5ba29e4c82fca9adfcd3a6b60b3bf786abe7178928f80cb60eca3564e35b3de
SHA512abf2ba63976bd6622f3a1cda816c8f2267b59c079d6092ff60e7f52be893a993e3b457a174092c74056628e9694fa9efc8d823d14b4d658a9eb59c622d992f65