
Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/09/2024, 20:37

General

  • Target
    Flarial.Launcher.exe
  • Size
    220.1MB
  • MD5
    7ed175b5d2d520c969169c79da48105c
  • SHA1
    88680faf5a74f8ec70e398a0c4185c821ebbecf4
  • SHA256
    5558301f81bb5514bad249d94bfef2170847857b748b23ba72c1fefcdda5d773
  • SHA512
    7413c7353a1c35c33beb141a41ee35b1ec9a7d42dfd90fc2bb2bbe958a62cf96b2c96bcca8ac9fd0a5bdccdb4bd2d7eaed08a005ee1068d1bfac3d5c60c1029f
  • SSDEEP
    1572864:RPKf3YHOOksN7FIUo1tVj786tRjc4KI4j4Pnr:RSf3YRkURIUo1tVj782iTcz

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 3 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Flarial.Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Flarial.Launcher.exe"
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1536

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\.net\Flarial.Launcher\Ac+Ns1XUAP6HkPQEaOzed87zuAZxVhc=\D3DCompiler_47_cor3.dll
    Filesize
    4.7MB
    MD5
    a7349236212b0e5cec2978f2cfa49a1a
    SHA1
    5abb08949162fd1985b89ffad40aaf5fc769017e
    SHA256
    a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
    SHA512
    c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02

  • C:\Users\Admin\AppData\Local\Temp\.net\Flarial.Launcher\Ac+Ns1XUAP6HkPQEaOzed87zuAZxVhc=\PresentationNative_cor3.dll
    Filesize
    1.2MB
    MD5
    7d1615f573257a22895081a4d5c6cc0a
    SHA1
    c7d5bf31e6d53eca990f7a663a87ebacd89b5aed
    SHA256
    ddb6caa919d51b6cc56e19ed5d064bb04b2fee9028564b518ad06665ab8b0683
    SHA512
    096dafed275df9e1ea7dbd29b11dc0230e0c894bcc562f7c9c84c7a45276d762056fbdf1da69b0b1de4c4b753374ff1d6901fcb764041de206fdab107676e869

  • C:\Users\Admin\AppData\Local\Temp\.net\Flarial.Launcher\Ac+Ns1XUAP6HkPQEaOzed87zuAZxVhc=\wpfgfx_cor3.dll
    Filesize
    1.9MB
    MD5
    7a1720a45222e117b13279e82f321a46
    SHA1
    9d1f67358ec757ef07bf927961d44358df919c3b
    SHA256
    6b8293689658d9b78507eb9e463ff03acc3eca2d8365d6f505f2cc4a22017c85
    SHA512
    0dd702be97679a6a815ea57efcc052727745915ac84af53c78871a3e1944a4502946b561fe9b4fae94176d1a8641108e4c79b6fb572041bf25f030f82fff2abf