Resubmissions
15-10-2024 12:09
241015-pbyrlatbna 815-10-2024 12:06
241015-n98tsatapf 315-10-2024 11:58
241015-n5mqrasgnb 10Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
15-10-2024 12:06
General
-
Target
TLauncher.exe
-
Size
8.9MB
-
MD5
505731086d2f448e68c025a7003efe00
-
SHA1
e8358cf87df55712a7b6998d1816e94b57f3b7c1
-
SHA256
978dfe8f0fbb57398366e2302055b58fa641258f53db6909fca2b5a1e87ff3c5
-
SHA512
856ad2f0caa72c15b20831c7e1d8917329907381e1e95ce470ff3592755804cc17cd507c105d49fdecbc418a2c3f2b01e1be2ce15dc981aeb7f39ce2889cb4d4
-
SSDEEP
196608:vRAQAHQHWFm5kAiFWnuf6J/+Ift24xJN+vwvasDU6sU0s:LUn6nDJ/+v4xJprUB4
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 57 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"2⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffc9e46cc40,0x7ffc9e46cc4c,0x7ffc9e46cc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1752 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2236 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2496 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3436 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4080,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5108,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5116 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5116 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4876,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5180 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4048,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3516,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5200,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5412,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5420,i,15796877134658432206,1521153677686259904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD59dceccecbcc111f09593c01c2d4d796e
SHA1d59e22efe52215a104a1d362c43f82d38a074239
SHA2561678deb71d85749afbac226e1c2487c26bf6c7f506c169f8c9e888d2e0411060
SHA512250ff729c1ffbee164d57b1818ee65579c515d091c340a79611e50740502488a9678913268b677558b80354e2ad80473b530e2ddc834ccfe2d15904c3d394982
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD5f0b700aa2d82986f6fd92602bcab5706
SHA145814eec12b1929b9ef3db2165e1ceabeb0391aa
SHA256ed7a4f3b05e2084889041036e9511f2a22c3472da1412da0948f667db2468cbb
SHA5122d2dce1a965b640bca4c9f28a4754cccd6f2b8d3ab3cf3f092bc59c3265bb80fe85098698c47b756c4960f17971c6dd7af4e8dd07868d541597e36923a8c61ff
-
Filesize
524B
MD5df04ed160fd7d89bbafc974d46f5f848
SHA13bf4cb08bae01e3581ffc7419bea3f54464c4c65
SHA256229d6fdc46eb14944b287b7e63fe4ab2c22a0790cdbd6a338b5bbd7915279073
SHA512017a66fac5abbd81275f2c33e71b63f2ba5582820086795ad6a5b1b6bd3f6bec02071878086455fae10cac2997968254efad1f9a9b2f3b9c4fdb726391c5855b
-
Filesize
356B
MD5f788358c9e0b9822efbadd5ae53d0484
SHA10887399e27c23d4965bf92d3b5053651a419440a
SHA256ae4136f8d6818e152484563515a30b297b382a8f316eda2703b3b7327892e686
SHA512fd1aa6c45f523f44520fbcdf44d7b8995db46f04154107c8a2ae24a25d03c9d5e4b11478310246fab124f5c8afa73d5b4ea8f89f116346ffcd0d2d5f3d8e7daf
-
Filesize
9KB
MD50831cdaf71991fec48700f9560659693
SHA1afc4bcaa94fa737696aa32bdaf7cf4f8dde983a8
SHA256affe509131c38e82c292b80b71983754e24f7f7e848eb090dd8fd086054060b8
SHA51294dd6fdbeaf3d82812b2826fcfa7af54fa67798ce5e159dccd66f80d16f001067baf27932ad222c6a4c3dd9a68bdf3312ebbfb782e49f2c909bc915153944515
-
Filesize
9KB
MD56fe9691d039ad2d361377d51a32bf570
SHA1e26fb0d54131b4c116fc5b49ce63c69339c613d0
SHA25606f2aafe1d803cb7af32b877191c35065bcf83b02ceca5168f382831cf216c92
SHA51245ddc5b985d87a955d14180c7a431128752dd6d75195f29892e64c047acecda490555c5ad1c814646ed4a31a2d3120266438f58f52e4e3ae48e742eae197432d
-
Filesize
9KB
MD580507a12a96c87b01dbafd163c17999f
SHA163087a3cad994a839ba99d5c68206dad89a2c0f8
SHA256d45870e0d9987c20a85836dcb40846e383d4221626fa5194d20384b78b798b28
SHA5128961b39e74fc6ed0acc4f323971aa556da9e76092bc645daef02cdc40649b54e59c08e5b4e979b361781331aab2fc7fd56c131315700154ab408b0eac513e63a
-
Filesize
10KB
MD5e45d973e871c574028a8d4942946d992
SHA15e5d369d047c7b42898d70759bd583fc29926c5d
SHA25626940a8fc0b9cee1ae15d7153b11e77cda858383bb1d791a4d393bf67f430dc3
SHA512bb37c6c19ffc504da036d6b8e4b12c809c037eec266978084596906e88fbba10e8717776be269b05959bdbff78f93bb5e5c13bf0e2ce88706e84273eee02dff3
-
Filesize
15KB
MD51d0da1a1804e20be80d57c60c494a545
SHA12953e9f187708d25906010edd97caa9334dc0386
SHA2560186f491c6afa68a2e1d9dbb1e27861ee68137ebd4ce0880f4c134bf592e5dfb
SHA512ea5b61c2670813662beb4cbaff448602483cace2a6cf3bf75be8d53d3a1c52ec7c3ed52e454bbf000b90b9015c0e6114f16c30282b4acd7152f2fa466ddb4ec0
-
Filesize
227KB
MD5c84282a7839e3cf3dd27582c197dc015
SHA16e75747104eeefc94010a4d00d5bf320372a1bc2
SHA256d08b648160523caefd06dd297f0d8d2211b83a1887593750051c8c16a160606c
SHA51272768e92cec2c6bc5c8d661d0f41ac2011268456c40823e88a5ef27a03b4de190404086de5b517eda55e7f3905e41bf089ae981c7ee8b1e3dc37941be3a418c6
-
Filesize
227KB
MD5aad55765526f0d971e8e7bd345fe18f6
SHA134d7def21ee5e6e5dd29fd1563167e4b94da0e8a
SHA256e05d33f9a45af5f2919981c9bb08446dd8ea9d3f267746c00e1e22ed5093e3ee
SHA51213ff32a9fcd2e50da97feb6b69bef5aa1d65d9300347c517879d02c445fc963e09921cf1108849b396001b8fdd1f3606c759fff62dee05edfb39684bda90ffcc
-
Filesize
21.9MB
MD5ed4087dc0d640f47a0eb158a029d1331
SHA15d0e72f340c5784195f5bd7c1b825a2a405aadd9
SHA256afd7a79ce2bd0142a890ac01f580534f1a96f1ffbaa1ad17d7512751cde19f08
SHA5128d65de1c62fe7d4f2540a997e9fd0912b99d1561ade4e55b020700b0608f7da76d7a1b3fada413c1a742c9304e3295403ac0c9cd30bb563c56dd8a68ea36b374
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
92KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.4MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
2.4MB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB