624cfc2ba8cc4882fd5aee6a06adca1c2fb481d96538b12f90ce340b7dd8fee0

Resubmissions

02/08/2024, 15:31

240802-sx1d4azckm 3

02/08/2024, 15:28

240802-swnnxazbpm 3

02/08/2024, 15:27

240802-svrdeavajf 3

Analysis

max time kernel
101s
max time network
98s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
02/08/2024, 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Global/Launcher.exe
Size

22KB
MD5

4c8f3a1e15f370ca8afe2992902a6e98
SHA1

dc6324d924ac31bea4ad7e4dd6720ecdad3877dd
SHA256

dcdc72549f7ad41cc860738adbeee5e44f02222415fd84ed5c92538ac9049b92
SHA512

b63c4e48f3024edcf1e1391b5df6ff65fc5111849eb093b429fa0f21c03339dbaeff835f18e250758498f3432874b85348530e47b2ada93f6f68615a5ccf66c0
SSDEEP

384:fuPJRlNhSP00zehDDG41lI3Vf4f1s/3UP1D23NWqd:WPJRlNhSP00A3hIB4fbPc3cq

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a00000002e37a3569cced2119f0e006097c686f60700000028000000e0859ff2f94f6810ab9108002b27b3d902000000a00000002e37a3569cced2119f0e006097c686f602000000780000002e37a3569cced2119f0e006097c686f60400000088000000	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "3"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupView = "0"	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 040000000200000005000000010000000000000003000000ffffffff	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:PID = "0"	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "8"	Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Music"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupByKey:PID = "0"	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "7"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\IconSize = "16"	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000e3df0d67abe2da01af95c123b0e2da01dd7b6824b0e2da0114000000	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\LogicalViewMode = "1"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3"	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupByDirection = "1"	Launcher.exe
Key created	\Registry\User\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\NotificationData	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\Mode = "4"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776659506-1086196776-2558631079-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Launcher.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2344	Launcher.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe
2344	Launcher.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2344	Launcher.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 3140	2344	Launcher.exe	83
PID 2344 wrote to memory of 3140	2344	Launcher.exe	83

C:\Users\Admin\AppData\Local\Temp\Global\Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Global\Launcher.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:3140

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Filesize
7KB

MD5
1bccf43ba4ffb00bffd57b98e226d374

SHA1
c9f1d86bc6f38d2becd6935de0bdc857b322a8ea

SHA256
28806d29dddfff42ba4c9bcc55219efb3f25f974df058c07983a8430260b6327

SHA512
3025d0949aacb700b608ae0072cee93d976b37ff6c9f7bab5fcbb2ff76e781546ae2d8fb57b5a39ea78a850d5e4083c9576ee89b59e42d6c87f674255f69c40b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Filesize
7KB

MD5
e2fdbb7a3172cdf80b753caaa408c9d4

SHA1
019620ca7f321cbf455bfa23a934766a895cc4ed

SHA256
bddb404a40b735add3ce20d53309dd6464c31d9c68f42393fc05dcd2c6e38461

SHA512
f94ec08e8c9ef716c7af2107980d0efb8db44fde3fe3c27dac89da5a67df8a2e6b9a9bc8679a350d1312cb7fafaca45fb0a499745e53fce53e0c534dc735eb02

Download Submit