2e16953cd6445d754b38f654a83ba81d7f34598b23882ca14f40f1ef88e64242 | Triage

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 12:17

Sharing

Report Analysis Logs

General

Target

BlackLauncher.exe
Size

66.0MB
MD5

9af3e6d9cde373f8f514fc69439c5cab
SHA1

8349cdcfcdb3b081253e733b93e71f0e7c94d0ef
SHA256

1d80f6a688af15e12116f444d8da85be020a3393aeaab885e4d0f8589ac23dc0
SHA512

b66c9878cce829eea3467eaa8255f2752de8db2de33b8a525f2cbd886728a95d16173ed0132bc30e69da6a352952b437e1953ba84786ad3b178293abcce49550
SSDEEP

393216:1qCKJWr646m8GH5y4SVFY+L/I5glN7tFL+fzqdqhuQjPLzXq:1qCKJWr36PGZpSVFh/aglNpg7jPq

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3028	BlackLauncher.exe
3028	BlackLauncher.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2688	3028	BlackLauncher.exe	30
PID 3028 wrote to memory of 2688	3028	BlackLauncher.exe	30
PID 3028 wrote to memory of 2688	3028	BlackLauncher.exe	30

C:\Users\Admin\AppData\Local\Temp\BlackLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\BlackLauncher.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3028 -s 192
  2⤵
  PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3028-1-0x000000013FFB0000-0x0000000144312000-memory.dmp

Filesize
67.4MB

Download