Overview

overview

10

Static

static

10

Battly-Lau...s1.exe

windows7-x64

7

Battly-Lau...s1.exe

windows10-2004-x64

7

$PLUGINSDI...ge.dll

windows7-x64

3

$PLUGINSDI...ge.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Battly Launcher.exe

windows7-x64

1

Battly Launcher.exe

windows10-2004-x64

7

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

3

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/...zip.js

windows7-x64

3

resources/...zip.js

windows10-2004-x64

3

resources/...der.js

windows7-x64

3

resources/...der.js

windows10-2004-x64

3

resources/...dex.js

windows7-x64

3

resources/...dex.js

windows10-2004-x64

3

resources/...der.js

windows7-x64

3

resources/...der.js

windows10-2004-x64

3

resources/...ter.js

windows7-x64

3

resources/...ter.js

windows10-2004-x64

3

resources/...dex.js

windows7-x64

3

resources/...dex.js

windows10-2004-x64

3

resources/...ter.js

windows7-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-08-2024 11:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Battly Launcher.exe

  • Size

    168.1MB

  • MD5

    cf0daf7c7befec7beda4e24c7805c05c

  • SHA1

    bb0644bc24081142c559e930e032720a80e88009

  • SHA256

    e799120b79693d6467e75a1f3a47696b1c4dba12b66a0efc82d5e5ff779ed8f3

  • SHA512

    82215a85b35770d9f74519df25569d3afd7d4a865937ddf52a6cbd92f084edd9c98d1b43b18082e5d0af2afc2537ebb76f8c157ba137243b6496fb5e4b3e8521

  • SSDEEP

    1572864:SQqT4eFUirK1e2zSQ5Rcw/N5cae/bHhrPdacyodvcPSBoHESUlyAzl/:kBKRcAMyAzB

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Battly Launcher.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Users\Admin\AppData\Local\Temp\Battly Launcher.exe
      "C:\Users\Admin\AppData\Local\Temp\Battly Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1732 --field-trial-handle=1736,i,8861558200083328598,1361261081872767490,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
      2⤵
        PID:4268
      • C:\Users\Admin\AppData\Local\Temp\Battly Launcher.exe
        "C:\Users\Admin\AppData\Local\Temp\Battly Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --mojo-platform-channel-handle=1768 --field-trial-handle=1736,i,8861558200083328598,1361261081872767490,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
        2⤵
          PID:2152
        • C:\Users\Admin\AppData\Local\Temp\Battly Launcher.exe
          "C:\Users\Admin\AppData\Local\Temp\Battly Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2476 --field-trial-handle=1736,i,8861558200083328598,1361261081872767490,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
          2⤵
          • Checks computer location settings
          PID:5052
        • C:\Users\Admin\AppData\Local\Temp\Battly Launcher.exe
          "C:\Users\Admin\AppData\Local\Temp\Battly Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2120 --field-trial-handle=1736,i,8861558200083328598,1361261081872767490,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
          2⤵
          • Drops file in System32 directory
          • Suspicious behavior: EnumeratesProcesses
          PID:3240

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State
        Filesize

        697B

        MD5

        9c9337988c3692591333507a49e4cc7b

        SHA1

        20117461210f83410eb9eff9f365d5654734b25f

        SHA256

        4fecca5124c99709bf50c9e4a6a8d8ea3a8b54c5c8d80f27016c0656b67e57b5

        SHA512

        e273cf05795b65acdf4cbfe5a1fd5007bae5bff3fafc98a1dafa42b704130c429706369210ff4e447330623091c219a059695306a1c59caf50a98355e988cdb8

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State~RFe58c59d.TMP
        Filesize

        59B

        MD5

        2800881c775077e1c4b6e06bf4676de4

        SHA1

        2873631068c8b3b9495638c865915be822442c8b

        SHA256

        226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

        SHA512

        e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
        Filesize

        2B

        MD5

        f3b25701fe362ec84616a93a45ce9998

        SHA1

        d62636d8caec13f04e28442a0a6fa1afeb024bbb

        SHA256

        b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

        SHA512

        98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

        Download Submit

      • memory/3240-87-0x00000250E4E50000-0x00000250E4E51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3240-75-0x00000250E4E50000-0x00000250E4E51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3240-77-0x00000250E4E50000-0x00000250E4E51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3240-76-0x00000250E4E50000-0x00000250E4E51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3240-86-0x00000250E4E50000-0x00000250E4E51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3240-85-0x00000250E4E50000-0x00000250E4E51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3240-84-0x00000250E4E50000-0x00000250E4E51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3240-83-0x00000250E4E50000-0x00000250E4E51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3240-81-0x00000250E4E50000-0x00000250E4E51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3240-82-0x00000250E4E50000-0x00000250E4E51000-memory.dmp

        Filesize

        4KB

        Download