43d005cf6b3c5883e6a5bca5aa4863ad46477b0b79f68dc0a907dd8cfaf280e2

Analysis

max time kernel
15s
max time network
17s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-10-2024 06:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sorillus-Launcher v1.1.exe
Size

1.2MB
MD5

85cecea8cd99baa57decdeddd6c7f800
SHA1

43af40ab8eb41cb02fed8d223c5098e2fb15c2d8
SHA256

43d005cf6b3c5883e6a5bca5aa4863ad46477b0b79f68dc0a907dd8cfaf280e2
SHA512

d104dae2510cbe79a2b7a21e7156d80ed2a131ef701204590f8e739145ffa8c9cf1985c9f1360816788e62ff378ef3b7c80c7badec66e65fd30364f0ee0f633a
SSDEEP

24576:vPZl0enBpHMy5zUdw4GRqemkilngx69BVx2YqXId228r9AtyeeSyj:wSGy5zOw4hVh10W4Y+r9Aty/

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
5088	javaw.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sorillus-Launcher v1.1.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3832	wmic.exe
Token: SeSecurityPrivilege	3832	wmic.exe
Token: SeTakeOwnershipPrivilege	3832	wmic.exe
Token: SeLoadDriverPrivilege	3832	wmic.exe
Token: SeSystemProfilePrivilege	3832	wmic.exe
Token: SeSystemtimePrivilege	3832	wmic.exe
Token: SeProfSingleProcessPrivilege	3832	wmic.exe
Token: SeIncBasePriorityPrivilege	3832	wmic.exe
Token: SeCreatePagefilePrivilege	3832	wmic.exe
Token: SeBackupPrivilege	3832	wmic.exe
Token: SeRestorePrivilege	3832	wmic.exe
Token: SeShutdownPrivilege	3832	wmic.exe
Token: SeDebugPrivilege	3832	wmic.exe
Token: SeSystemEnvironmentPrivilege	3832	wmic.exe
Token: SeRemoteShutdownPrivilege	3832	wmic.exe
Token: SeUndockPrivilege	3832	wmic.exe
Token: SeManageVolumePrivilege	3832	wmic.exe
Token: 33	3832	wmic.exe
Token: 34	3832	wmic.exe
Token: 35	3832	wmic.exe
Token: 36	3832	wmic.exe
Token: SeIncreaseQuotaPrivilege	3832	wmic.exe
Token: SeSecurityPrivilege	3832	wmic.exe
Token: SeTakeOwnershipPrivilege	3832	wmic.exe
Token: SeLoadDriverPrivilege	3832	wmic.exe
Token: SeSystemProfilePrivilege	3832	wmic.exe
Token: SeSystemtimePrivilege	3832	wmic.exe
Token: SeProfSingleProcessPrivilege	3832	wmic.exe
Token: SeIncBasePriorityPrivilege	3832	wmic.exe
Token: SeCreatePagefilePrivilege	3832	wmic.exe
Token: SeBackupPrivilege	3832	wmic.exe
Token: SeRestorePrivilege	3832	wmic.exe
Token: SeShutdownPrivilege	3832	wmic.exe
Token: SeDebugPrivilege	3832	wmic.exe
Token: SeSystemEnvironmentPrivilege	3832	wmic.exe
Token: SeRemoteShutdownPrivilege	3832	wmic.exe
Token: SeUndockPrivilege	3832	wmic.exe
Token: SeManageVolumePrivilege	3832	wmic.exe
Token: 33	3832	wmic.exe
Token: 34	3832	wmic.exe
Token: 35	3832	wmic.exe
Token: 36	3832	wmic.exe
Token: SeIncreaseQuotaPrivilege	2796	wmic.exe
Token: SeSecurityPrivilege	2796	wmic.exe
Token: SeTakeOwnershipPrivilege	2796	wmic.exe
Token: SeLoadDriverPrivilege	2796	wmic.exe
Token: SeSystemProfilePrivilege	2796	wmic.exe
Token: SeSystemtimePrivilege	2796	wmic.exe
Token: SeProfSingleProcessPrivilege	2796	wmic.exe
Token: SeIncBasePriorityPrivilege	2796	wmic.exe
Token: SeCreatePagefilePrivilege	2796	wmic.exe
Token: SeBackupPrivilege	2796	wmic.exe
Token: SeRestorePrivilege	2796	wmic.exe
Token: SeShutdownPrivilege	2796	wmic.exe
Token: SeDebugPrivilege	2796	wmic.exe
Token: SeSystemEnvironmentPrivilege	2796	wmic.exe
Token: SeRemoteShutdownPrivilege	2796	wmic.exe
Token: SeUndockPrivilege	2796	wmic.exe
Token: SeManageVolumePrivilege	2796	wmic.exe
Token: 33	2796	wmic.exe
Token: 34	2796	wmic.exe
Token: 35	2796	wmic.exe
Token: 36	2796	wmic.exe
Token: SeIncreaseQuotaPrivilege	2796	wmic.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5088	javaw.exe
5088	javaw.exe
5088	javaw.exe
5088	javaw.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 5088	1080	Sorillus-Launcher v1.1.exe	79
PID 1080 wrote to memory of 5088	1080	Sorillus-Launcher v1.1.exe	79
PID 5088 wrote to memory of 3832	5088	javaw.exe	80
PID 5088 wrote to memory of 3832	5088	javaw.exe	80
PID 5088 wrote to memory of 2796	5088	javaw.exe	83
PID 5088 wrote to memory of 2796	5088	javaw.exe	83

C:\Users\Admin\AppData\Local\Temp\Sorillus-Launcher v1.1.exe
"C:\Users\Admin\AppData\Local\Temp\Sorillus-Launcher v1.1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Djavafx.animation.fullspeed=true -jar "C:\Users\Admin\AppData\Local\Temp\Sorillus-Launcher v1.1.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5088
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get UUID
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3832
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get UUID
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4680266763700.dll

Filesize
9KB

MD5
b0366e31f3704da1e9552633a07f77db

SHA1
fd3058cc08a5e00b56301dc44e0e05854a5e55ea

SHA256
18f1f5afec89f152afe1c57cffe9a77c158d840f6e00ec7a343b685caa3d8853

SHA512
d8e621eb9b15103a70544affbd7e3fdf52fe14bdae754fd9551508ed8785d53b6205082de41a575acffe5d1c80d419eda16d79834fdbad9cc8df798dcaa4eaa4

Download Submit
memory/1080-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5088-3-0x000002380C9B0000-0x000002380CC20000-memory.dmp

Filesize
2.4MB

Download
memory/5088-15-0x000002380B120000-0x000002380B121000-memory.dmp

Filesize
4KB

Download
memory/5088-18-0x000002380CC20000-0x000002380CC30000-memory.dmp

Filesize
64KB

Download
memory/5088-19-0x000002380CC30000-0x000002380CC40000-memory.dmp

Filesize
64KB

Download
memory/5088-21-0x000002380CC40000-0x000002380CC50000-memory.dmp

Filesize
64KB

Download
memory/5088-23-0x000002380CC50000-0x000002380CC60000-memory.dmp

Filesize
64KB

Download
memory/5088-26-0x000002380CC60000-0x000002380CC70000-memory.dmp

Filesize
64KB

Download
memory/5088-27-0x000002380CC70000-0x000002380CC80000-memory.dmp

Filesize
64KB

Download
memory/5088-29-0x000002380CC80000-0x000002380CC90000-memory.dmp

Filesize
64KB

Download
memory/5088-31-0x000002380CC90000-0x000002380CCA0000-memory.dmp

Filesize
64KB

Download
memory/5088-33-0x000002380CCA0000-0x000002380CCB0000-memory.dmp

Filesize
64KB

Download
memory/5088-39-0x000002380CC20000-0x000002380CC30000-memory.dmp

Filesize
64KB

Download
memory/5088-38-0x000002380CCC0000-0x000002380CCD0000-memory.dmp

Filesize
64KB

Download
memory/5088-37-0x000002380CCB0000-0x000002380CCC0000-memory.dmp

Filesize
64KB

Download
memory/5088-36-0x000002380C9B0000-0x000002380CC20000-memory.dmp

Filesize
2.4MB

Download
memory/5088-42-0x000002380CCD0000-0x000002380CCE0000-memory.dmp

Filesize
64KB

Download
memory/5088-41-0x000002380CC30000-0x000002380CC40000-memory.dmp

Filesize
64KB

Download
memory/5088-44-0x000002380CC40000-0x000002380CC50000-memory.dmp

Filesize
64KB

Download
memory/5088-45-0x000002380CCE0000-0x000002380CCF0000-memory.dmp

Filesize
64KB

Download
memory/5088-48-0x000002380CCF0000-0x000002380CD00000-memory.dmp

Filesize
64KB

Download
memory/5088-47-0x000002380CC50000-0x000002380CC60000-memory.dmp

Filesize
64KB

Download
memory/5088-50-0x000002380CC60000-0x000002380CC70000-memory.dmp

Filesize
64KB

Download
memory/5088-51-0x000002380CD00000-0x000002380CD10000-memory.dmp

Filesize
64KB

Download
memory/5088-54-0x000002380CD10000-0x000002380CD20000-memory.dmp

Filesize
64KB

Download
memory/5088-53-0x000002380CC70000-0x000002380CC80000-memory.dmp

Filesize
64KB

Download
memory/5088-61-0x000002380CC90000-0x000002380CCA0000-memory.dmp

Filesize
64KB

Download
memory/5088-63-0x000002380CD40000-0x000002380CD50000-memory.dmp

Filesize
64KB

Download
memory/5088-62-0x000002380CCA0000-0x000002380CCB0000-memory.dmp

Filesize
64KB

Download
memory/5088-66-0x000002380CD50000-0x000002380CD60000-memory.dmp

Filesize
64KB

Download
memory/5088-65-0x000002380CCB0000-0x000002380CCC0000-memory.dmp

Filesize
64KB

Download
memory/5088-60-0x000002380CD30000-0x000002380CD40000-memory.dmp

Filesize
64KB

Download
memory/5088-59-0x000002380CD20000-0x000002380CD30000-memory.dmp

Filesize
64KB

Download
memory/5088-57-0x000002380CC80000-0x000002380CC90000-memory.dmp

Filesize
64KB

Download
memory/5088-69-0x000002380CCC0000-0x000002380CCD0000-memory.dmp

Filesize
64KB

Download
memory/5088-70-0x000002380CD60000-0x000002380CD70000-memory.dmp

Filesize
64KB

Download
memory/5088-76-0x000002380CD70000-0x000002380CD80000-memory.dmp

Filesize
64KB

Download
memory/5088-75-0x000002380CCD0000-0x000002380CCE0000-memory.dmp

Filesize
64KB

Download
memory/5088-80-0x000002380CD80000-0x000002380CD90000-memory.dmp

Filesize
64KB

Download
memory/5088-79-0x000002380CCE0000-0x000002380CCF0000-memory.dmp

Filesize
64KB

Download
memory/5088-82-0x000002380CCF0000-0x000002380CD00000-memory.dmp

Filesize
64KB

Download
memory/5088-83-0x000002380CD90000-0x000002380CDA0000-memory.dmp

Filesize
64KB

Download
memory/5088-86-0x000002380CDA0000-0x000002380CDB0000-memory.dmp

Filesize
64KB

Download
memory/5088-85-0x000002380CD00000-0x000002380CD10000-memory.dmp

Filesize
64KB

Download
memory/5088-89-0x000002380CDB0000-0x000002380CDC0000-memory.dmp

Filesize
64KB

Download
memory/5088-88-0x000002380CD10000-0x000002380CD20000-memory.dmp

Filesize
64KB

Download
memory/5088-93-0x000002380CDC0000-0x000002380CDD0000-memory.dmp

Filesize
64KB

Download
memory/5088-92-0x000002380CD30000-0x000002380CD40000-memory.dmp

Filesize
64KB

Download
memory/5088-95-0x000002380CDD0000-0x000002380CDE0000-memory.dmp

Filesize
64KB

Download
memory/5088-91-0x000002380CD20000-0x000002380CD30000-memory.dmp

Filesize
64KB

Download
memory/5088-98-0x000002380CD40000-0x000002380CD50000-memory.dmp

Filesize
64KB

Download
memory/5088-99-0x000002380CDE0000-0x000002380CDF0000-memory.dmp

Filesize
64KB

Download
memory/5088-100-0x000002380B120000-0x000002380B121000-memory.dmp

Filesize
4KB

Download
memory/5088-104-0x000002380CDF0000-0x000002380CE00000-memory.dmp

Filesize
64KB

Download
memory/5088-103-0x000002380CD50000-0x000002380CD60000-memory.dmp

Filesize
64KB

Download
memory/5088-113-0x000002380CD70000-0x000002380CD80000-memory.dmp

Filesize
64KB

Download
memory/5088-112-0x000002380CE10000-0x000002380CE20000-memory.dmp

Filesize
64KB

Download
memory/5088-111-0x000002380CE00000-0x000002380CE10000-memory.dmp

Filesize
64KB

Download
memory/5088-110-0x000002380CD60000-0x000002380CD70000-memory.dmp

Filesize
64KB

Download
memory/5088-121-0x000002380CD80000-0x000002380CD90000-memory.dmp

Filesize
64KB

Download
memory/5088-123-0x000002380CE20000-0x000002380CE30000-memory.dmp

Filesize
64KB

Download
memory/5088-129-0x000002380CD90000-0x000002380CDA0000-memory.dmp

Filesize
64KB

Download
memory/5088-130-0x000002380CE30000-0x000002380CE40000-memory.dmp

Filesize
64KB

Download
memory/5088-133-0x000002380CE40000-0x000002380CE50000-memory.dmp

Filesize
64KB

Download
memory/5088-132-0x000002380CDA0000-0x000002380CDB0000-memory.dmp

Filesize
64KB

Download
memory/5088-135-0x000002380CDB0000-0x000002380CDC0000-memory.dmp

Filesize
64KB

Download
memory/5088-136-0x000002380CE50000-0x000002380CE60000-memory.dmp

Filesize
64KB

Download
memory/5088-139-0x000002380CE60000-0x000002380CE70000-memory.dmp

Filesize
64KB

Download
memory/5088-138-0x000002380CDC0000-0x000002380CDD0000-memory.dmp

Filesize
64KB

Download
memory/5088-141-0x000002380B120000-0x000002380B121000-memory.dmp

Filesize
4KB

Download
memory/5088-142-0x000002380CDD0000-0x000002380CDE0000-memory.dmp

Filesize
64KB

Download
memory/5088-143-0x000002380CE70000-0x000002380CE80000-memory.dmp

Filesize
64KB

Download
memory/5088-147-0x000002380CDE0000-0x000002380CDF0000-memory.dmp

Filesize
64KB

Download
memory/5088-150-0x000002380CDF0000-0x000002380CE00000-memory.dmp

Filesize
64KB

Download
memory/5088-149-0x000002380CE90000-0x000002380CEA0000-memory.dmp

Filesize
64KB

Download
memory/5088-148-0x000002380CE80000-0x000002380CE90000-memory.dmp

Filesize
64KB

Download
memory/5088-152-0x000002380CE00000-0x000002380CE10000-memory.dmp

Filesize
64KB

Download
memory/5088-154-0x000002380CEA0000-0x000002380CEB0000-memory.dmp

Filesize
64KB

Download
memory/5088-153-0x000002380CE10000-0x000002380CE20000-memory.dmp

Filesize
64KB

Download
memory/5088-156-0x000002380CEB0000-0x000002380CEC0000-memory.dmp

Filesize
64KB

Download
memory/5088-160-0x000002380CEC0000-0x000002380CED0000-memory.dmp

Filesize
64KB

Download
memory/5088-159-0x000002380CE20000-0x000002380CE30000-memory.dmp

Filesize
64KB

Download
memory/5088-163-0x000002380CED0000-0x000002380CEE0000-memory.dmp

Filesize
64KB

Download
memory/5088-162-0x000002380CE30000-0x000002380CE40000-memory.dmp

Filesize
64KB

Download
memory/5088-164-0x000002380B120000-0x000002380B121000-memory.dmp

Filesize
4KB

Download
memory/5088-167-0x000002380CEE0000-0x000002380CEF0000-memory.dmp

Filesize
64KB

Download
memory/5088-166-0x000002380CE40000-0x000002380CE50000-memory.dmp

Filesize
64KB

Download
memory/5088-169-0x000002380CE50000-0x000002380CE60000-memory.dmp

Filesize
64KB

Download
memory/5088-171-0x000002380CE60000-0x000002380CE70000-memory.dmp

Filesize
64KB

Download
memory/5088-172-0x000002380CEF0000-0x000002380CF00000-memory.dmp

Filesize
64KB

Download
memory/5088-173-0x000002380B120000-0x000002380B121000-memory.dmp

Filesize
4KB

Download
memory/5088-175-0x000002380CE70000-0x000002380CE80000-memory.dmp

Filesize
64KB

Download
memory/5088-176-0x000002380CF00000-0x000002380CF10000-memory.dmp

Filesize
64KB

Download
memory/5088-178-0x000002380CE80000-0x000002380CE90000-memory.dmp

Filesize
64KB

Download
memory/5088-179-0x000002380CE90000-0x000002380CEA0000-memory.dmp

Filesize
64KB

Download
memory/5088-181-0x000002380CF10000-0x000002380CF20000-memory.dmp

Filesize
64KB

Download
memory/5088-183-0x000002380CEA0000-0x000002380CEB0000-memory.dmp

Filesize
64KB

Download
memory/5088-186-0x000002380CEB0000-0x000002380CEC0000-memory.dmp

Filesize
64KB

Download
memory/5088-187-0x000002380CF20000-0x000002380CF30000-memory.dmp

Filesize
64KB

Download
memory/5088-189-0x000002380CEC0000-0x000002380CED0000-memory.dmp

Filesize
64KB

Download
memory/5088-190-0x000002380CF30000-0x000002380CF40000-memory.dmp

Filesize
64KB

Download
memory/5088-192-0x000002380CED0000-0x000002380CEE0000-memory.dmp

Filesize
64KB

Download
memory/5088-237-0x000002380B120000-0x000002380B121000-memory.dmp

Filesize
4KB

Download
memory/5088-239-0x000002380B120000-0x000002380B121000-memory.dmp

Filesize
4KB

Download
memory/5088-264-0x000002380B120000-0x000002380B121000-memory.dmp

Filesize
4KB

Download