Overview

overview

10

Static

static

10

TeamsLauncher.exe

windows7-x64

10

TeamsLauncher.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02-09-2024 03:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TeamsLauncher.exe

  • Size

    403KB

  • MD5

    fdd2eda543063b87a6a51287f6095baa

  • SHA1

    21355867dbdac7f076c552e0738c3e85525ea61c

  • SHA256

    7e92d20062595d11cf5ebc076fd06d1af804043ff13e82fd4872e7501490c8ac

  • SHA512

    2a5dcd9b9308273c187dd57b26162990c567a62605c2f5ab5864e780fb452746a12df1af9b892f116e8f810585bb3ac54b29a27bb8023f937739b1f0e8897a36

  • SSDEEP

    1536:GYeNWLFFhmZLOol7Z3j//M5StqzZw9ep3RrpgcVFveptXjaOBatKx9O7Z3O//MHj:3eN2ql7Z3j3M94sFGPjayC7Z3O3M5N

Score
10/10
purelogstealerstealer

Malware Config

Signatures

  • PureLog Stealer

    PureLog Stealer is an infostealer written in C#.

    stealerpurelogstealer
  • PureLog Stealer payload 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TeamsLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\TeamsLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2756 -s 584
      2⤵
        PID:2672

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2756-0-0x000007FEF5F23000-0x000007FEF5F24000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2756-1-0x000000013F500000-0x000000013F568000-memory.dmp

      Filesize

      416KB

      Download

    • memory/2756-2-0x000007FEF5F20000-0x000007FEF690C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2756-3-0x00000000002D0000-0x00000000002E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2756-4-0x000007FEF5F23000-0x000007FEF5F24000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2756-5-0x000007FEF5F20000-0x000007FEF690C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2756-6-0x000007FEF5F20000-0x000007FEF690C000-memory.dmp

      Filesize

      9.9MB

      Download