Analysis

  • max time kernel
    130s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-10-2024 19:28

General

  • Target

    CLaunch_v4.0.4_32Bit_Setup.exe

  • Size

    1.8MB

  • MD5

    54480f90931211f14061588f00a38ed8

  • SHA1

    f865afe8f124073073d72cea375feabcac3b9074

  • SHA256

    e34c26fc7fa6a25bd951619491bd0f0a6debcc38a2f5163ed2dbb00451ebe3b0

  • SHA512

    b4d3832b095711e0abe072acd134c148062ea2f73a47e7a6c3bbdba0a4a3f18ce6944cf601502c380df317a53902f16b6bb07a1156429fda86104e815b43c650

  • SSDEEP

    24576:5cBGvXirzmR4EJEM8rmlXtYpaQWQ82U5khl40i1Lbpq1a3Bk1uT/fzx:/XiE0K1t7+zi1Lb13Bk1wfV

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 32 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4088
    • C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1136

Network

MITRE ATT&CK Enterprise v15

Downloads