88c58b9843c1d6efb9794248800f784f4e2d8f568d031325f86f6f86ea433188 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

launcher-matrix.exe

windows7-x64

5

launcher-matrix.exe

windows10-2004-x64

8

Resubmissions

13-07-2024 23:33

240713-3js3za1bnr 8

13-07-2024 23:29

240713-3g2x4atald 5

Sharing

General

Target

launcher-matrix.exe
Size

1.0MB
Sample

240713-3js3za1bnr
MD5

2233b9847d3e48b00de43fcfff7e9561
SHA1

7b9e8f65f21ca4cd135cc9a8eaee8f904829b663
SHA256

88c58b9843c1d6efb9794248800f784f4e2d8f568d031325f86f6f86ea433188
SHA512

eb43aaf8e75c89b14c476a384dffbeb2220deb35871e7280fe7a60efc0834d2f14d16e444c811485ed107b0dbde07888669e6cd16f1660ae89b42c9ae72c66ca
SSDEEP

24576:PJbz+4Yn3lEz1mbAWn0o/lomzzRR8sdL0lDA:P04Yn1EziGYl1nRR8sdwD

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

launcher-matrix.exe

Resource

win7-20240708-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

launcher-matrix.exe

Resource

win10v2004-20240709-en

discovery evasion persistence privilege_escalation trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  launcher-matrix.exe
- Size
  
  1.0MB
- MD5
  
  2233b9847d3e48b00de43fcfff7e9561
- SHA1
  
  7b9e8f65f21ca4cd135cc9a8eaee8f904829b663
- SHA256
  
  88c58b9843c1d6efb9794248800f784f4e2d8f568d031325f86f6f86ea433188
- SHA512
  
  eb43aaf8e75c89b14c476a384dffbeb2220deb35871e7280fe7a60efc0834d2f14d16e444c811485ed107b0dbde07888669e6cd16f1660ae89b42c9ae72c66ca
- SSDEEP
  
  24576:PJbz+4Yn3lEz1mbAWn0o/lomzzRR8sdL0lDA:P04Yn1EziGYl1nRR8sdwD
Score

8^/10

discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasionpersistenceprivilege_escalationtrojan

© 2018-2025

Terms | Privacy