Overview

overview

5

Static

static

3

BlackLauncher.bin.exe

windows7-x64

1

BlackLauncher.bin.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/07/2024, 19:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    BlackLauncher.bin.exe

  • Size

    66.0MB

  • MD5

    9af3e6d9cde373f8f514fc69439c5cab

  • SHA1

    8349cdcfcdb3b081253e733b93e71f0e7c94d0ef

  • SHA256

    1d80f6a688af15e12116f444d8da85be020a3393aeaab885e4d0f8589ac23dc0

  • SHA512

    b66c9878cce829eea3467eaa8255f2752de8db2de33b8a525f2cbd886728a95d16173ed0132bc30e69da6a352952b437e1953ba84786ad3b178293abcce49550

  • SSDEEP

    393216:1qCKJWr646m8GH5y4SVFY+L/I5glN7tFL+fzqdqhuQjPLzXq:1qCKJWr36PGZpSVFh/aglNpg7jPq

Score
5/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Start PowerShell.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BlackLauncher.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\BlackLauncher.bin.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -Command " Start-Process -FilePath 'C:/Users/Admin/AppData/Local/Temp/BlackLauncher.bin.exe' -ArgumentList '--rendering-driver opengl3 --admin-requested' -Verb RunAs "
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3872
      • C:\Users\Admin\AppData\Local\Temp\BlackLauncher.bin.exe
        "C:\Users\Admin\AppData\Local\Temp\BlackLauncher.bin.exe" --rendering-driver opengl3 --admin-requested
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:1488
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3f4 0x300
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1884

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1ndd5ecq.qiy.ps1
          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Godot\app_userdata\NewLauncher\shader_cache\CanvasShaderGLES3\4e9e83ef92cfe6b6881057f0e41e775d2f0a3ea470fb34af487edaa273c90c2c\fa7b62523470356194bdf709eb2639ab149a07cc.cache
          Filesize

          128KB

          MD5

          31493e258a21680bcb8e57ae1db77eaa

          SHA1

          bdef2bb9c4d5118bf65206e2109ba9af47a7c2bb

          SHA256

          f9807566566182192ee7f47955d9e2cde5aecda8380e4923c860afe75ac82127

          SHA512

          0254415318c4e90fb5c88b900939ce546be2964860be6fe117cd8c3ca8d53379dd21f512cf3aa8d5027debb61685cd6739b63dc1f52b6e0e862f2c1cdac921fa

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Godot\app_userdata\NewLauncher\shader_cache\CopyShaderGLES3\f8827df5e23db5bc636a3d6c081f1b5ec27655db61c9d942fd9b2364a6b58de7\fa7b62523470356194bdf709eb2639ab149a07cc.cache
          Filesize

          60KB

          MD5

          b5e157aabf1ad8173f58afc808372572

          SHA1

          686897130946b9fc563fcbaf43ecf4ddff130648

          SHA256

          808932f74dbcf687842cbfa4428b80d2f9fe51a9ce4f829700f5e104f1245393

          SHA512

          4c199408bb17cd31b9ee9945cb1ace5ab6898bf0f9ada2f903867a96736097def1c1bcdf030b7d5f7545ab0086bf70e0fb61de9df727e180704322b73cd3727e

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Godot\app_userdata\NewLauncher\shader_cache\SceneShaderGLES3\fde6c2cbcc2ec71d9bf0aaa797b35a71635bb92f1057da48e6e13d5058805d9c\fa7b62523470356194bdf709eb2639ab149a07cc.cache
          Filesize

          343KB

          MD5

          858c90cf6f469533fa56359a33e91580

          SHA1

          97811818c89d34fe907bac6f49690b88b4d43a66

          SHA256

          0ec2129e8e633e289ec86ea0ebe1537067cb3f153aa13a58aaadfec1f9c1a9a5

          SHA512

          1cb99b324a4b4ee389afa8ca5428a49c03ed73159509697d5e380763f40e1abece7a130aff7e8e486316c69ffca6e00d6c5184957a9e12d916dca26394f71c53

          Download Submit

        • memory/1488-45-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-47-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-42-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-43-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-44-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-55-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-46-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-54-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-48-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-49-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-50-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-51-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-52-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/1488-53-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/2160-36-0x00007FF63C560000-0x00007FF6408C2000-memory.dmp

          Filesize

          67.4MB

          Download

        • memory/3872-22-0x000002312CDA0000-0x000002312CDC2000-memory.dmp

          Filesize

          136KB

          Download