4222b9ed7a08ea340aed36e4482daadc44540f81c189b163ba3e2b865c64a01a

Resubmissions

30/06/2024, 13:09

240630-qd545aybke 1

30/06/2024, 13:07

240630-qcn48aybja 1

Analysis

max time kernel
10s
max time network
43s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 13:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TEKLauncher.exe
Size

3.2MB
MD5

03a7490421f5f285201e15c222173af7
SHA1

139ad0df1dd439c190cadf36fba44adc5c74ea13
SHA256

4222b9ed7a08ea340aed36e4482daadc44540f81c189b163ba3e2b865c64a01a
SHA512

ed4e22b074fbd8f3aa725ea4fd8645ab75d44e91081013756fafdc62b01d3d5de5d947f5ec003629d8da076642bd3c3cc2bcfdc70cb6ce8290a874b8e3e892fe
SSDEEP

98304:vSD4jGm/SDajG9XGEcxSD5jGPQAlNmD3p:qD4Sm6DaS3JD5SPQAlNo

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 14 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 3064	2180	TEKLauncher.exe	28
PID 2180 wrote to memory of 3064	2180	TEKLauncher.exe	28
PID 2180 wrote to memory of 3064	2180	TEKLauncher.exe	28

C:\Users\Admin\AppData\Local\Temp\TEKLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\TEKLauncher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win7&apphost_version=8.0.2&gui=true
  2⤵
  - Modifies Internet Explorer settings
  PID:3064
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
    3⤵
    PID:2764

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
339a88095fd749f2e97b1e739de1e8f6

SHA1
c5929174ca44d00881c46271f216c3da792b71cf

SHA256
71ca440c98318d0e131e9cc45b09a5af53c5cc9a1f466b60472c36bec5ba0d65

SHA512
6c205adb22054374a83ded2fb4efff45604dcb97d259386e1381d519d232df1e9ec26eefa580310d1132530299f992af8d21d4f5b319253b4c9fc2f3331fc2df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccc110f8edf345e5bfe3f5377443be2d

SHA1
97915f1d78b9a208f8f766c504cd088ae3e696f6

SHA256
b44970b8f043c4aa92d157ce3976b5913dd86a5956262e12d6deec85d8010cec

SHA512
2a11b2951a51e31d41ea0b2786ea27b9c8ff3c2de52b83f49abeaaed1a150e0a2b4dd9b9b3c339707695553729bdf40a40508a338d91d23e8ae4569a07c25e8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d0200ada5ee434a343ccbebcf7d5b51

SHA1
5589ca8f10b6148ccc04b4556a1a0fda46097b32

SHA256
496789e67894f074392e3ef0e81a4760f6c3680e33af018e510d01df335dad1b

SHA512
3069bfb9503a7b554ec3cb489f8922ef9f55ea293956c9d835ae028401f6e7740abd737e6ac21193717d125df70e218ddbbe8c443ee12549d9f8e9c09ac0936a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3145283b46e373543e53e867e8edb583

SHA1
b55f75e33283c6d413a526e511512ddf0da6eb2e

SHA256
82f8930fac448327efaf34adc9458df6ee42cf86cb15dd5874a4167bab73c79e

SHA512
e8cc3b85b6bfa984ad73dfe61b44a15bf0ec15a9ce4dbe3b6f2ce2960fc2a402fbb7b2d46332698140bd75504893dd7db7abe8be75bc0437e5498d1f7be82558

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82dfaa4af7ffa99df04dd18ded02f535

SHA1
82c786dcc375c0014c2682479d64e97fddc23fc8

SHA256
210fa12de7a0bcb06b137fb8e1f0cbedf9417e13aab63c5f3b58899ff73a0caa

SHA512
fb161694d17e86663bb24f030a3db1fa6a243d5976a07b9c1f0d55aea5aa28539190de09739e40de522f21c1e3c5ce1ca928b310ebc59d08b47052d585149f64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c52c1b531e5dddf0b07edf657fbb5818

SHA1
2f1d16b7dda0f5fd3eab590d347afaddbcdd793e

SHA256
45821808ac4c5c78778d3506b7ed7699b28dfb6cea1fe269d17a63a561a1291e

SHA512
d9e4be13bcc85634c50abc044bc7249a96645e447ab90e9e84096c445257a22f3e8824a65cae0e6e20995964797b8bd1a330ce47d8cb0ec608277584877fd335

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a981db7b2be171646235a8d9fec7458

SHA1
9ffe81474f47700bdec0bf7bc3c5cb4e38c8c523

SHA256
41e716e09bc18fcc9c4765ebe5b2a46f5bc462460afd2a59eb07a2c9c16b7a69

SHA512
95aa6273a91b402acdca9b80acc85afcbb675602d5f6ba1961d77c45af583a77199eae5f8c4aae3773a32d339a35d1100a772ad7e032644819c9cebff000f5d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d9d467588ddecef8fee74383fa8d851

SHA1
981f459bad1bd92d668b2dfa4510df7753c01018

SHA256
30731896d33800d748acdfb989aafeca030932f0011979431135e51602cc4d13

SHA512
badc37b88abfe1e35039c7add415a417e8dfce27b8c62a514549ee7a39bb1b5a7ecb1cc46f466917385cd3216ef41e198ea7fc10869395f0da28ff7ac7d4b51e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ba79a20c170182c0e50ff44db7dff62

SHA1
04786c3c463a9841ba6047a33bbec96201330c4b

SHA256
d81b6f33febcd49b0fc2d43d24c5075b8fcf149714127a71de7a6bba50ce4b80

SHA512
9e5bfa5236a6c6e4d33468fa1ebd2c7f6bdd7c74154f35a188f9337a8c233b0c9c4e63651fdd4a2c3d7d51c120ef42000018844da95f1009c5002d34d3d2c938

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdae4a2fd76746421287d23e54e67267

SHA1
6e6ca954b9175de2972cf8eb5cec8f56da7257f2

SHA256
2dd7426996800c8dd24581443ddb892a8e9ac56ea59e829c079673569f0be3f5

SHA512
a699f7ce5fead83c5d22bb71387d14696a324fc5176f706ce7ddb08bf40ec87f250fa9d6e6169b4665a9ad6797f0ddd3e14f4d32bfa40ef0b767e1b84c81a524

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6721f300557da9c7628fb7f10a0aac2a

SHA1
4cd628dfe39413acf6793705454b3c84b02700d5

SHA256
641b23fa117fd10176b6dd5b03f34bbc195052baf0e096391b74c2b4d77660f8

SHA512
cd8d056cd24e68c0eca2f398763048e3d9bc84ed5820dfa3b62aad1b04d2d13e05324c12c930b62d91ca0fdaff8f812baeceeb40e62feeca25dfe5a47a460d69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9440b64d0961abb6a943563540ed29ac

SHA1
277f24f9cbbed20941b942a688418f267b21a100

SHA256
c219f7eadaac7b419e5d08fe67fa8dcce88d0682849108e69e99e50a4e33362f

SHA512
92fff905f3435d6d46679eade2b9285e0fbcc35a257f687a804f4d0a6996dcbaa57b0b2c3cd85b1ea09ef687990e99bec785285fb0374b77e41cade55a792f28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fcf29381ac63b1e18c13091c81db075

SHA1
21b549fed41cd125e2fb88334ff4190c1b5b17c1

SHA256
b6e41a0eb83a25ba1e6cdd69de149e487bd66fef73839e6077f5fc308edb443f

SHA512
05eee1f35a8378d2a95686603c1357a6ce420a759c01527e7e663da5b94c1fc988af2b4597c01294336ee397b891795c713847a31d16d0dd50d4d6af180771b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0652680a73abd06c97f93252d5cad7cd

SHA1
66073b98b277ddd02fbf4161f31371c331c5242f

SHA256
f8a3729d3542d08d0a6a2c019135abfe5228b558d5ee615e0036a2add78458ce

SHA512
64a2c72ab075c17fca10562c5e39ac552029a74706b32c74797d376e4137e600c26d5c11efd5e9bf80baad99354ee522ddc50258fe07ef649b49e2d5e55d924d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88eedf60f3a86a4be8377f1c5d1aa10d

SHA1
cef79026c98dcd17b4593f8e128e5b70dd05a5eb

SHA256
1ca6bb79694852df25c74a28ed1338c15bffd4b1340feab85175c7e1439a6037

SHA512
765978f8cac4433af234bba15aa44697a1d2a7881760c451d50c566d8deb7bcc6845e1305557c0aef7f92cb0d8a6cae13f66a1b4c8d075f8e0c63734967e72d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70096c8235448933b1e20a0a2e8239ac

SHA1
bf831b52a90e2e3f214f224ff97e07e939a32528

SHA256
3517892f1990b867ea8b6e00885de26dc2682d5d0b2768838c4de3c55f60da0d

SHA512
71097ec8618fe762d5826a89cb89503d8d315b12c814c23bc074812bdf51001fea61b004f5bb6ca65834096939100602499709a203bfdee6baf74c0ebfb7c2da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab454A.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar45FF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2180-0-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download