Overview

overview

8

Static

static

3

Stand.Laun...2).exe

windows7-x64

Stand.Laun...2).exe

windows10-2004-x64

8

Analysis

  • max time kernel
    48s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22-08-2024 23:49

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Stand.Launchpad (2).exe

  • Size

    74KB

  • MD5

    807c001be05d0e835337cc366aaba56d

  • SHA1

    fcc4fae0461da8f17f8ee274e338bcee97762c4c

  • SHA256

    265d3e48e4a72afdaca712aa3bdee4a6a8676e4080fba1a0920546a14a6100be

  • SHA512

    d867e1624962e6598c2f63f5968713e9dc0a9092867d38e8dc20f469fd6f5bc44196eb287fe0af672ca4c45d217b6b250abf63c493bd690067bb5ca76fc74aab

  • SSDEEP

    768:7/IPeZXaHQBFiFKMXjMlvhmndydfvdZIgiRVe7eFcc5tul5scYhb:MPtYahMBhmnYdZIgCQyOl5scmb

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 41 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Stand.Launchpad (2).exe
    "C:\Users\Admin\AppData\Local\Temp\Stand.Launchpad (2).exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2164
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2560
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:752
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1916

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Calamity,_Inc\Stand.Launchpad_(2).exe_Url_h03hxqox2ajtcloehp1mzbinp1w4vir3\1.9.1.0\user.config
        Filesize

        946B

        MD5

        b4ae24f20e59e454d57443d663a7581e

        SHA1

        68ab33e7fcea8bf79d76728fc49338d0d10a12f6

        SHA256

        8409dd0aa292b3bf50903a7ca1a1a0d6697d5c7b0ed3d1c5e43ebdf6f82db074

        SHA512

        25a7cbc382609d298ecaedea567231ac6ba0856bc523550912fd7b8393a29664ad68e9490dff0ff25b18b7a018476798c4df1000ebc99174bb6f2d5604e383f5

        Download Submit

      • C:\Users\Admin\AppData\Local\Calamity,_Inc\Stand.Launchpad_(2).exe_Url_h03hxqox2ajtcloehp1mzbinp1w4vir3\1.9.1.0\user.config
        Filesize

        1KB

        MD5

        4914bef93f236a5cb24b4c07e9d4a98a

        SHA1

        b53f8fb945a449dd8a76d4412c5439b29b929b9e

        SHA256

        0abb6c072277956c8e3d6810dc9d9795544098f46a1fc79ab2e39c3f70d84a5a

        SHA512

        3242dbf1f58263ab1409d558b5ba1846e235da17246f1abbab768ec1ed449367e30c6d17d4986aa117c42ea225e87ff2c438d46765f1b5841e3a5b9b571ccb10

        Download Submit

      • memory/2164-0-0x000007FEF5D23000-0x000007FEF5D24000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2164-1-0x000000013FAD0000-0x000000013FAE6000-memory.dmp

        Filesize

        88KB

        Download

      • memory/2164-2-0x000007FEF5D20000-0x000007FEF670C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2164-5-0x000007FEF5D20000-0x000007FEF670C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2164-8-0x000007FEF5D23000-0x000007FEF5D24000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2164-9-0x000007FEF5D20000-0x000007FEF670C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2164-10-0x000007FEF5D20000-0x000007FEF670C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2164-22-0x000007FEF5D20000-0x000007FEF670C000-memory.dmp

        Filesize

        9.9MB

        Download