624cfc2ba8cc4882fd5aee6a06adca1c2fb481d96538b12f90ce340b7dd8fee0

Resubmissions

02/08/2024, 15:31

240802-sx1d4azckm 3

02/08/2024, 15:28

240802-swnnxazbpm 3

02/08/2024, 15:27

240802-svrdeavajf 3

Analysis

max time kernel
31s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
02/08/2024, 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

China/Launcher.exe
Size

22KB
MD5

0f2d903c987a33e7318bbd6cef37b605
SHA1

2cb291c3b6275add94eb80ce285c8948f9e0ed46
SHA256

646b7dee43da0ab57417daef4bd3523ce0eb070c6f2b3ed66bd61a11cb6836cc
SHA512

5cecf228d0f4b7000881e0f5fc26dda3835e79ebbfe2c29524ddb2534f9b5b246203b16224046ec1cc203efe44d4baf5f01260a72be82174541924120ad66db6
SSDEEP

384:5uPJRlNhSP00zehD/G41lI3Vf4f1sH3cP1D23NWqd:gPJRlNhSP00AzhIB4fvPc3cq

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 34 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Launcher.exe
Key created	\Registry\User\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\NotificationData	Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Launcher.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4700	Launcher.exe

C:\Users\Admin\AppData\Local\Temp\China\Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\China\Launcher.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
a164da667a7ee68355f299dbaf1f458c

SHA1
65df14775e2194371b904933ff496562dc47ee2c

SHA256
da3715b15d9910955d01a263d19f569eeca31165a8bc0eb0025a33ce7089f949

SHA512
90c6ff2ad6598e9197b096833bdfd98e86e3dfd1beed447b29094ca586f06a18593cb351bdd73199b3a65ec887247cf0041f3cee08775c499ff33acc2ab06941

Download Submit