Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

TLauncher-....8.exe

windows10-1703-x64

7

Resubmissions

07/07/2024, 06:56

240707-hqjsnawerp 8

07/07/2024, 06:53

240707-hntj3sydqb 7

07/07/2024, 06:51

240707-hmjngswenm 7

Analysis

  • max time kernel
    77s
  • max time network
    92s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    07/07/2024, 06:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-Installer-1.4.8.exe

  • Size

    24.1MB

  • MD5

    ff77de2eb5a4366f68735e22ce263d3c

  • SHA1

    8758fe1d1ab6359e3011a41e35529185f75a0b99

  • SHA256

    d896da5d7f9f64d5375d41081a29f93dce7bf14c1974c9cde8979ee7a98b522f

  • SHA512

    30ef806a6dd951ae33e05e40f99577675bc4dfab0a8fe6d239ebbb46e026899484e140af36e41959ea29886e54d49022cbe5c7e4dcdaffcdab67ae85f7976e60

  • SSDEEP

    786432:WKqHyU7V5bJmM9irrKJBH5lFRqH0fYk/pUJ8a:WKay+sMQPKJBZlCUfYSpUJ8

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks for any installed AV software in registry 1 TTPs 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.8.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1372
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.8.exe" "__IRCT:3" "__IRTSS:25232442" "__IRSID:S-1-5-21-4106386276-4127174233-3637007343-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks for any installed AV software in registry
      • Suspicious use of SetWindowsHookEx
      PID:4608
  • C:\Windows\SysWOW64\werfault.exe
    werfault.exe /h /shared Global\bee52e0fe8044e759b95561d89140702 /t 4588 /p 4608
    1⤵
      PID:1752
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:5080
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1520
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.0.1428057859\136290504" -parentBuildID 20221007134813 -prefsHandle 1644 -prefMapHandle 1636 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b225b27-f01d-46ae-acac-bc3c1b898b11} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 1760 12a215d7e58 gpu
          3⤵
            PID:3180
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.1.1445182957\1920160972" -parentBuildID 20221007134813 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80a02467-2ecc-4da3-8f08-b5f235b7ef6b} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 2116 12a16172558 socket
            3⤵
              PID:3124
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.2.1492544202\769476887" -childID 1 -isForBrowser -prefsHandle 3200 -prefMapHandle 2956 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da315eb9-0d61-4f97-ae7e-485c2542c093} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 3164 12a2155c558 tab
              3⤵
                PID:796
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.3.1893253128\476327843" -childID 2 -isForBrowser -prefsHandle 3524 -prefMapHandle 3520 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a99ea4b-63b3-409e-9866-a73b0374a30b} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 3536 12a16165658 tab
                3⤵
                  PID:4228
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.4.1770174139\1492556516" -childID 3 -isForBrowser -prefsHandle 1520 -prefMapHandle 4196 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f62f73b6-82b9-4259-a11e-d886e3775c6a} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 4244 12a26cac458 tab
                  3⤵
                    PID:4268
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.5.1109018998\299600397" -childID 4 -isForBrowser -prefsHandle 4964 -prefMapHandle 4960 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ccedc0d-a073-4bac-888a-61f30bcdb593} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 4976 12a1615ca58 tab
                    3⤵
                      PID:4232
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.6.1687722169\1200799717" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5108 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2244bbf-2508-4b70-8a22-3bd161eda264} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 5032 12a29153e58 tab
                      3⤵
                        PID:4412
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.7.1047775805\1092028411" -childID 6 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03323a2f-2c93-4174-b3e2-c00f297da578} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 4996 12a29151158 tab
                        3⤵
                          PID:832

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
                      Filesize

                      116KB

                      MD5

                      e043a9cb014d641a56f50f9d9ac9a1b9

                      SHA1

                      61dc6aed3d0d1f3b8afe3d161410848c565247ed

                      SHA256

                      9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

                      SHA512

                      4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
                      Filesize

                      1.6MB

                      MD5

                      199e6e6533c509fb9c02a6971bd8abda

                      SHA1

                      b95e5ef6c4c5a15781e1046c9a86d7035f1df26d

                      SHA256

                      4257d06e14dd5851e8ac75cd4cbafe85db8baec17eaebd8f8a983b576cd889f8

                      SHA512

                      34d90fa78bd5c26782d16421e634caec852ca74b85154b2a3499bc85879fc183402a7743dd64f2532b27c791df6e9dd8113cc652dcb0cdf3beae656efe79c579

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP
                      Filesize

                      1.8MB

                      MD5

                      5c9fb63e5ba2c15c3755ebbef52cabd2

                      SHA1

                      79ce7b10a602140b89eafdec4f944accd92e3660

                      SHA256

                      54ee86cd55a42cfe3b00866cd08defee9a288da18baf824e3728f0d4a6f580e7

                      SHA512

                      262c50e018fd2053afb101b153511f89a77fbcfd280541d088bbfad19a9f3e54471508da8b56c90fe4c1f489b40f9a8f4de66eac7f6181b954102c6b50bdc584

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
                      Filesize

                      1.7MB

                      MD5

                      dabd469bae99f6f2ada08cd2dd3139c3

                      SHA1

                      6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

                      SHA256

                      89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

                      SHA512

                      9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                      Filesize

                      1.2MB

                      MD5

                      b5043eda3b89c980a4957f3667d7d53b

                      SHA1

                      2c0a4c924a255e57cd00dc65ff5fe2db45050d49

                      SHA256

                      6041dcdad508a9063d182479cf2f25d75b4bc38cb3f0c6f2067843a6b7dcfa08

                      SHA512

                      b3b85f7d023b6b59409721d5c4016d436319dee693d036d4498dc68d46a778bdefc7b35aee661a9a1e179ac2fa469dc47c4d5cc45c17df3893b5404eccafbd71

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
                      Filesize

                      325KB

                      MD5

                      c333af59fa9f0b12d1cd9f6bba111e3a

                      SHA1

                      66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

                      SHA256

                      fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

                      SHA512

                      2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      2KB

                      MD5

                      8b8d334f70a5900e5b24acf816880a49

                      SHA1

                      6c9cc235b2509a42638004333a4a3e887eb2698f

                      SHA256

                      e0f09880983d43ce9f08673b35e59eb0e24a0d7baea181abadc3cd12bbe3e7e0

                      SHA512

                      9993404ae3cffe10c6b4b874e374a1c324d9bc3fc06fc14bb39669f313977f7f245b7700c814a647d8732640bb3bff33241d9373cf0f5ccc8bf5d497868be43b

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\2e870280-7eed-4616-8020-16bf4977a4f4
                      Filesize

                      746B

                      MD5

                      c7b997567df422bfa95409c76f452aac

                      SHA1

                      bb61ef8ed9159a154c6d7755baddf844c82f97eb

                      SHA256

                      9497407538bac146dc3bf0e61270b111db9922f9bca3cfdf8a36870bba9cb221

                      SHA512

                      4c5ffad7ab205c3b3d00a82c3995689ed9f70e80a907d16ebb4b7653fccdabf1ae23360f7fc6261e38363e3743d3424d467c01278c00d9a3d2e0377d0b9ebfdc

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\427ac494-b725-4e4a-b376-37bc08fd94c8
                      Filesize

                      11KB

                      MD5

                      d616a899d3c5832729d773ff04eece4c

                      SHA1

                      cca8db12095dc1964dc98295b55f9fb112d6fca9

                      SHA256

                      c6d75fe2250530be3f69fa703d0af365b73fee9eed1456b882fc5b65d6d5bb2a

                      SHA512

                      198854d09dabd4a1c6486ed0e3ff58c7d20637fc99f5f650f19df7b3500ef9b6af943011842852d95f02863fa403b11c046726356b8f5cf1a688022d74b3d4b2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      8eb30b71ff788fc3a0df4e01c0b5c9ab

                      SHA1

                      0b9e51ec4a0b40b3fc010d07a51703282748e6f4

                      SHA256

                      0234e1b4183a71257dba05cf0ef3b77b111c61e21221e1dd20bfdbd190583c53

                      SHA512

                      1f9a7434964af0e3799e57d1cc053e67f07ae354c01f01bcf274ac387f50cd14bc7dea750d700c031dacc316af3bd05ce07b0e5fb18b7ef4fbb393d7e03ce34d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      e141d4340b5c2cc0c941f022af5b1591

                      SHA1

                      000ff4ed6726a3a0da2c748270ae5afb44e3621b

                      SHA256

                      224c128f8a30fce741b32fae63975235f0e4c89adfa883861e7771a778efe10e

                      SHA512

                      d57c6c15d34bd86b17a3bcfed3e419aec2020d6c6ae875777f7e1f1e9e67980db2a74150f9fe7352785ac89645c9290b33414e244736c144dca33f05e59c5320

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      6d0b2df606b30babfa59ccf1e8db5241

                      SHA1

                      c9560e0df42047ccb726c01fa15e5104d3de5ce9

                      SHA256

                      c15ff1ec8cb3275f29a5ddf7158030057c80ee904108cf3e0ec9d0e15495cc8c

                      SHA512

                      c369af82fa70f800a197383e8ed8027b702df464ac14ea20acf4a52c02383b33eae4eb43076e555d55d72828376aef66d356ce6cca2465a04757c2f38e0ecd85

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      cd4babd6594f2cfb43924e1eaafb086c

                      SHA1

                      d6805aa44731a469af237c95ff0830e5e8e6b686

                      SHA256

                      da971d87d01e45c096d64aa7c423a5ad6ee3434fe1b65ac4e96a096cee31bf10

                      SHA512

                      33a8eedb9d4515149ff987bfaefcfcfb7e2a938270a3ebfa5c94b5377ca33f757014dc95c793e7c3d2578813cc1a4c2d2fdd97756e801e4a56df458edd22d274

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                      Filesize

                      184KB

                      MD5

                      a4ef159d11a72370fcad19af60939793

                      SHA1

                      95d572694b14d7ae8ff9032821c933580d3c553c

                      SHA256

                      7264f7e579a0aa28cfc19ab086ec86b5cefba6d9ab48e794c46fb9fee6103ea5

                      SHA512

                      f56cef53facc7864692c14329b95784dbe26f86451ad25f2a85e2daa8593a1d68e9d5897f43269d9062a06114c9e5a05a4b4df86abcf09937a7f174f93af3603

                      Download Submit

                    • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
                      Filesize

                      97KB

                      MD5

                      da1d0cd400e0b6ad6415fd4d90f69666

                      SHA1

                      de9083d2902906cacf57259cf581b1466400b799

                      SHA256

                      7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

                      SHA512

                      f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

                      Download Submit

                    • memory/4608-698-0x0000000006B20000-0x0000000006B23000-memory.dmp

                      Filesize

                      12KB

                      Download

                    • memory/4608-695-0x0000000010000000-0x0000000010051000-memory.dmp

                      Filesize

                      324KB

                      Download

                    • memory/4608-694-0x00000000008C0000-0x0000000000CA9000-memory.dmp

                      Filesize

                      3.9MB

                      Download

                    • memory/4608-693-0x0000000010000000-0x0000000010051000-memory.dmp

                      Filesize

                      324KB

                      Download

                    • memory/4608-692-0x00000000008C0000-0x0000000000CA9000-memory.dmp

                      Filesize

                      3.9MB

                      Download

                    • memory/4608-675-0x0000000006B20000-0x0000000006B23000-memory.dmp

                      Filesize

                      12KB

                      Download

                    • memory/4608-674-0x0000000010000000-0x0000000010051000-memory.dmp

                      Filesize

                      324KB

                      Download

                    • memory/4608-6-0x00000000008C0000-0x0000000000CA9000-memory.dmp

                      Filesize

                      3.9MB

                      Download