Malware Analysis Report

2025-01-03 09:54

Sample ID 241026-x6mxkswjgk
Target 651365c5bc0e6c61e9941e7bdc0bb505dec10d4c00efffbf217586ab33ced21f
SHA256 651365c5bc0e6c61e9941e7bdc0bb505dec10d4c00efffbf217586ab33ced21f
Tags
qr link discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

651365c5bc0e6c61e9941e7bdc0bb505dec10d4c00efffbf217586ab33ced21f

Threat Level: Shows suspicious behavior

The file 651365c5bc0e6c61e9941e7bdc0bb505dec10d4c00efffbf217586ab33ced21f was found to show suspicious behavior.

Malicious Activity Summary

qr link discovery

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Checks installed software on the system

Drops file in Program Files directory

One or more HTTP URLs in qr code identified

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-26 19:28

Signatures

One or more HTTP URLs in qr code identified

qr link

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-26 19:28

Reported

2024-10-26 19:30

Platform

win7-20241010-en

Max time kernel

118s

Max time network

122s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\!果核剥壳 - 全网更新最快.url"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\!果核剥壳 - 全网更新最快.url"

Network

N/A

Files

memory/2880-0-0x0000000000420000-0x0000000000421000-memory.dmp

memory/2880-1-0x0000000000420000-0x0000000000421000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-26 19:28

Reported

2024-10-26 19:30

Platform

win10v2004-20241007-en

Max time kernel

131s

Max time network

136s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\!果核剥壳 - 全网更新最快.url"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\!果核剥壳 - 全网更新最快.url"

Network

Country Destination Domain Proto
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 134.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-26 19:28

Reported

2024-10-26 19:30

Platform

win7-20240903-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\CLaunch\Docs\CLaunch_ja.chm C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Docs\CLaunch_ja.chm C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\Language.ini C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\Language.ini C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\Spanish.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Skins\Vista-style.zip C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\ClAdmin.exe C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\English.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\Spanish.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Skins\Solid Black.zip C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Skins\Vista-style.zip C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\Chinese_t.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Docs\CLaunch_en.chm C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Setup.exe C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\ClHook.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\ClAdmin.exe C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\Chinese.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Skins\Glass.zip C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Skins\Glass.zip C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\CLaunch.exe C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\Korean.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\Korean.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\Russian.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\CLaunch.exe C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Setup.exe C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Docs\CLaunch_en.chm C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\English.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\ClHook.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\Chinese_t.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\Russian.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Skins\Solid Black.zip C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\Chinese.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe

"C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe"

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe

"C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Setup.exe

MD5 19d9735f791e35894e2ac444dc7f0660
SHA1 1a0c9ac76ce26ee96edfe81de3e41d33f2d24ec1
SHA256 00c8fafb1785050756496155bf6a6f070d965b0ceeec6ed2cbc41fdc52e09ace
SHA512 1a2e639eec221a79be1966956b494850ba33ac114d68e38a57cdbef784346a930181d313f456c325a014e051f928489529901289b0c8205efe528077968249eb

\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\English.dll

MD5 0dc89a0461c29bd2dcefcd6f25d9ae39
SHA1 5a34df0f8047e488dfa3dd816557fc1a11e62c6e
SHA256 aa8be1cf26040eb620eec8e26294ee938d1059ef815865459c64dda88a7a19da
SHA512 a370d66c03f1b7e80838ef102a944ee301d504f66cb8114fb03f79717edf26361ed864aabaf7497bdf01b1314cd6b87d66c1c7db7e8a18ed0a41c42850cc45e6

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\Language.ini

MD5 06207469b4aaaa298793e796f615c696
SHA1 540452d3b383dcf4551178c32fbfcd3d445eec80
SHA256 46403b7b5e394569d5f4034fb4c7281eb6ee881e4d897c45dd447cb08d7ed240
SHA512 52f812874d1fd0b344f794d4dfa531fb30bfa3e604d6d37fe49df953e2c14d3791f19345291c98a4574e8a2a2517d27dbc0ff3b4d3aa9974b6349fc7f06e23e6

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\CLaunch.exe

MD5 92642a29ac1e5344adba7f359f4b027f
SHA1 a8c6c68c231e202220fdb922f3bb87b787df6e1a
SHA256 1233508594ec70e604d6b5ed0a31dbc49021123b811ed1fd72d38934f61ce195
SHA512 9b2935e0a81b507dca7a91e02ef7e2dbd54c8075e90fcfb995b369afff27666b1146d9a385377c9707b712d369fcf20fe086a331286c2a65061bc0960d9f31ad

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\ClHook.dll

MD5 e57badcdab32d4adf1d8d68cbc2acd06
SHA1 bae2ff80bf04331456e3904a784fe8029094c8d1
SHA256 0be6b179cbb452616ce3b828e8d207f6693b5763d93ca50194ec6d2744b057e6
SHA512 a9c1e8bdd4bb6306fd5c7d494f274f09fe5797bc52c60e1288f7bb09b9f15690eef077f95b7a1a58cf16ab00c8096f2577a78475ce8525786ad4061206e76851

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\ClAdmin.exe

MD5 128351cc939df45b8c36f556e797c82e
SHA1 4601db67a6ba316a11eef43beda3f833dc795cd7
SHA256 58f4e77115976010eed4cee481b910f928b3f8b4e67d4b7d1adff1a0e0aac49f
SHA512 a260353413da0c76279870ccfafb13e4314bcd0972128985128bae79b35db38ce9f70c5ae21cee55649096c71d22184c76b9cf75d4c60567e56c2bb091b1a965

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Docs\CLaunch_en.chm

MD5 9d41f99aaf945634b9b73169cc0fc82e
SHA1 80164234ee85287d4e1ea94bf20f1b76d7411927
SHA256 da6e54b354a95a90661b713ead1f62c597d368276242b48cbf56287434dcfadd
SHA512 27505ff03afecead3cf576392cac929f21cf88e4eedf95a231470f81996bd2c70359ba867230e9e90330f42da783fc5791f2488d2937f73e63cbbd745d0f88a2

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Docs\CLaunch_ja.chm

MD5 ca29dfa10fe1b8dbc12b45364af33f18
SHA1 c9e599b2cea93f1585ffdf5a45ad4de52c271278
SHA256 586ca0d164a2611870a62f12e0452bd09025efc03340904a030347586f80ff40
SHA512 a1985678a33698c6190a09b8986765242657f48d409ad137ee508f516923439137a34b6ec7f43ed5afaf3f8ba895124b02a2012b12824e2e34bc77b9760347ce

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\Chinese.dll

MD5 ee709bd544cf6dee9c804d85c53d35f4
SHA1 2ada1c46fd740bd52c7aacacf2953e787ec3558b
SHA256 ad3c58385f26ec8f87040c474ceb372a7323def350d088ea878112f44c94abef
SHA512 6ea9dc95f3330b710054ec6a31081d4e5c41fb377f6e0347070a5b5d8c18a7d65cd4c837aee19ca0a31ce68acd2fe9c303d4f57cb152689c3f3a5bea11e7aea1

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\Chinese_t.dll

MD5 6ef531f8f59bc7bf2bb2664702b7d155
SHA1 e6e0220075b9dfaf773b0106a0ce1885be863126
SHA256 6a14c61709f2cab5354032e547f61302b1c5beb7e38f9ebcbfa3aa514030d946
SHA512 a23d176fcf8cdaa342e03148f4b1a68e6577466efb65fc7421db455274132310afa2761e69a58badde34dca7cf9ea9b3426043be72a3741a7476bf156e7deeb1

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\Korean.dll

MD5 73bb3a4b84d17f40b8308f45afaad7a7
SHA1 d9b6459aa1b561fafda764ec91110aa6d5fdce53
SHA256 a706f32a3b55c6f226e56d144b37754ea07f4a3e69b055b3253174a895bc0169
SHA512 ccdd47985dec82bf24a7514db8df605b1faeca65f7dff4cedf6b48defdf9de1662f0ff367d1eab1cedbc5826c31df26110dbe3d86a9dba2c7dbd882a473b659e

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Skins\Glass.zip

MD5 b02daf92c40ec61e3cf1f45f1e3ca594
SHA1 2e08b2ad8189ecb7c1bde82121e15bffef769f8a
SHA256 5055d3f3e129bd19166a88ced9a0701ae6e4fc7e6c75a0fd20e29ac13354abc3
SHA512 7bf8e97c2d378073f8e7c51645ae0f2a1a9cfb0616b47eda865adb7927775bd6ce9d2a8dd0cdfbb32644260aaa020ec3e09a1b53fe3d3b85f458f617f46217db

C:\Program Files (x86)\CLaunch\Skins\Vista-style.zip

MD5 b1d11a0e05a30766a19cdcb669ef140f
SHA1 970712d951eac2cd7e5e3e79e0694b5b5b6101ca
SHA256 f483b36404ca48e86ef8a9c2353a69774b3e506e57e97a14a1c9393a8193bcc1
SHA512 5f675dec0908ca334323e923fcac62b0603bbca1801eff04b94dc79ac595320bfabccca7c78560c3601bd64b9e0fd21c0d6ffd6f7b5f7a68c1892ebc435e972f

C:\Program Files (x86)\CLaunch\Skins\Solid Black.zip

MD5 3b943c8e146c28ef23770b4bcb4e1b1e
SHA1 1fb1675f048a6dfecf38e9c1d144adbd497cf1cc
SHA256 f481d0971913b8382e363ba21c4995b861063a38a2c26f9b3faa20846ed00bfc
SHA512 a84b91a2da6d5c33ff898b7e3eb606e3fdb8663fede0ff498a95728eeab705a9687669af4cdfa28248eace9ea615371e098d2602d48413fa6f568c28f1c830be

C:\Program Files (x86)\CLaunch\Languages\Spanish.dll

MD5 8b6dc6ea1f2f025cdc786fee9cf72bb8
SHA1 1385a5fc3373efc3189b188316415435aa3777dc
SHA256 defe49de8a56a35af7109b0edeadff13ad6aaedb38d6754cc7af8672d25ed72e
SHA512 e188a2dbb901321ccbbba43b6218e6d2c8b9a13c2b91d88f0d3cf6f43880f295cf636fa97c16ae9a3ca02cafe37a6f0246dca240ca426e168315501e955115c0

C:\Program Files (x86)\CLaunch\Languages\Russian.dll

MD5 7ab6b4f92404df446a28bbadca915062
SHA1 837cf40b429fb7225f09ac000bbdb66c1a5b045a
SHA256 1f6c50da7042f0b55e1ba7e09264d3313a8d033259b8d3cb960ed6b16fad888f
SHA512 ebca6f7eafdf71fbc5e1875a3d7aef653fc0677890e8c42a55aa5458ffbbf25c6443a8d2f3e44ee1346427745f2b3d640a665689e4f792a2056c851366b7237a

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-26 19:28

Reported

2024-10-26 19:30

Platform

win10v2004-20241007-en

Max time kernel

130s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\CLaunch\Skins\Glass.zip C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Skins\Solid Black.zip C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\CLaunch.exe C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\ClAdmin.exe C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Docs\CLaunch_en.chm C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\Language.ini C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Skins\Vista-style.zip C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\Chinese.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\English.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\Korean.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\Russian.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\CLaunch.exe C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Setup.exe C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\Korean.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\Language.ini C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\Spanish.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Skins\Glass.zip C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Skins\Solid Black.zip C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Skins\Vista-style.zip C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Docs\CLaunch_en.chm C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Docs\CLaunch_ja.chm C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\Chinese_t.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\Russian.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\Chinese.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\Chinese_t.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\ClHook.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\ClHook.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Setup.exe C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Docs\CLaunch_ja.chm C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\ClAdmin.exe C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File created C:\Program Files (x86)\CLaunch\Languages\English.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
File opened for modification C:\Program Files (x86)\CLaunch\Languages\Spanish.dll C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe

"C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe"

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe

"C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 134.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Setup.exe

MD5 19d9735f791e35894e2ac444dc7f0660
SHA1 1a0c9ac76ce26ee96edfe81de3e41d33f2d24ec1
SHA256 00c8fafb1785050756496155bf6a6f070d965b0ceeec6ed2cbc41fdc52e09ace
SHA512 1a2e639eec221a79be1966956b494850ba33ac114d68e38a57cdbef784346a930181d313f456c325a014e051f928489529901289b0c8205efe528077968249eb

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\Language.ini

MD5 06207469b4aaaa298793e796f615c696
SHA1 540452d3b383dcf4551178c32fbfcd3d445eec80
SHA256 46403b7b5e394569d5f4034fb4c7281eb6ee881e4d897c45dd447cb08d7ed240
SHA512 52f812874d1fd0b344f794d4dfa531fb30bfa3e604d6d37fe49df953e2c14d3791f19345291c98a4574e8a2a2517d27dbc0ff3b4d3aa9974b6349fc7f06e23e6

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\English.dll

MD5 0dc89a0461c29bd2dcefcd6f25d9ae39
SHA1 5a34df0f8047e488dfa3dd816557fc1a11e62c6e
SHA256 aa8be1cf26040eb620eec8e26294ee938d1059ef815865459c64dda88a7a19da
SHA512 a370d66c03f1b7e80838ef102a944ee301d504f66cb8114fb03f79717edf26361ed864aabaf7497bdf01b1314cd6b87d66c1c7db7e8a18ed0a41c42850cc45e6

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Docs\CLaunch_en.chm

MD5 9d41f99aaf945634b9b73169cc0fc82e
SHA1 80164234ee85287d4e1ea94bf20f1b76d7411927
SHA256 da6e54b354a95a90661b713ead1f62c597d368276242b48cbf56287434dcfadd
SHA512 27505ff03afecead3cf576392cac929f21cf88e4eedf95a231470f81996bd2c70359ba867230e9e90330f42da783fc5791f2488d2937f73e63cbbd745d0f88a2

C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\Chinese_t.dll

MD5 6ef531f8f59bc7bf2bb2664702b7d155
SHA1 e6e0220075b9dfaf773b0106a0ce1885be863126
SHA256 6a14c61709f2cab5354032e547f61302b1c5beb7e38f9ebcbfa3aa514030d946
SHA512 a23d176fcf8cdaa342e03148f4b1a68e6577466efb65fc7421db455274132310afa2761e69a58badde34dca7cf9ea9b3426043be72a3741a7476bf156e7deeb1

C:\Program Files (x86)\CLaunch\Languages\Chinese.dll

MD5 ee709bd544cf6dee9c804d85c53d35f4
SHA1 2ada1c46fd740bd52c7aacacf2953e787ec3558b
SHA256 ad3c58385f26ec8f87040c474ceb372a7323def350d088ea878112f44c94abef
SHA512 6ea9dc95f3330b710054ec6a31081d4e5c41fb377f6e0347070a5b5d8c18a7d65cd4c837aee19ca0a31ce68acd2fe9c303d4f57cb152689c3f3a5bea11e7aea1

C:\Program Files (x86)\CLaunch\Skins\Vista-style.zip

MD5 b1d11a0e05a30766a19cdcb669ef140f
SHA1 970712d951eac2cd7e5e3e79e0694b5b5b6101ca
SHA256 f483b36404ca48e86ef8a9c2353a69774b3e506e57e97a14a1c9393a8193bcc1
SHA512 5f675dec0908ca334323e923fcac62b0603bbca1801eff04b94dc79ac595320bfabccca7c78560c3601bd64b9e0fd21c0d6ffd6f7b5f7a68c1892ebc435e972f

C:\Program Files (x86)\CLaunch\Skins\Solid Black.zip

MD5 3b943c8e146c28ef23770b4bcb4e1b1e
SHA1 1fb1675f048a6dfecf38e9c1d144adbd497cf1cc
SHA256 f481d0971913b8382e363ba21c4995b861063a38a2c26f9b3faa20846ed00bfc
SHA512 a84b91a2da6d5c33ff898b7e3eb606e3fdb8663fede0ff498a95728eeab705a9687669af4cdfa28248eace9ea615371e098d2602d48413fa6f568c28f1c830be

C:\Program Files (x86)\CLaunch\Skins\Glass.zip

MD5 b02daf92c40ec61e3cf1f45f1e3ca594
SHA1 2e08b2ad8189ecb7c1bde82121e15bffef769f8a
SHA256 5055d3f3e129bd19166a88ced9a0701ae6e4fc7e6c75a0fd20e29ac13354abc3
SHA512 7bf8e97c2d378073f8e7c51645ae0f2a1a9cfb0616b47eda865adb7927775bd6ce9d2a8dd0cdfbb32644260aaa020ec3e09a1b53fe3d3b85f458f617f46217db

C:\Program Files (x86)\CLaunch\Languages\Spanish.dll

MD5 8b6dc6ea1f2f025cdc786fee9cf72bb8
SHA1 1385a5fc3373efc3189b188316415435aa3777dc
SHA256 defe49de8a56a35af7109b0edeadff13ad6aaedb38d6754cc7af8672d25ed72e
SHA512 e188a2dbb901321ccbbba43b6218e6d2c8b9a13c2b91d88f0d3cf6f43880f295cf636fa97c16ae9a3ca02cafe37a6f0246dca240ca426e168315501e955115c0

C:\Program Files (x86)\CLaunch\Languages\Russian.dll

MD5 7ab6b4f92404df446a28bbadca915062
SHA1 837cf40b429fb7225f09ac000bbdb66c1a5b045a
SHA256 1f6c50da7042f0b55e1ba7e09264d3313a8d033259b8d3cb960ed6b16fad888f
SHA512 ebca6f7eafdf71fbc5e1875a3d7aef653fc0677890e8c42a55aa5458ffbbf25c6443a8d2f3e44ee1346427745f2b3d640a665689e4f792a2056c851366b7237a

C:\Program Files (x86)\CLaunch\Languages\Korean.dll

MD5 73bb3a4b84d17f40b8308f45afaad7a7
SHA1 d9b6459aa1b561fafda764ec91110aa6d5fdce53
SHA256 a706f32a3b55c6f226e56d144b37754ea07f4a3e69b055b3253174a895bc0169
SHA512 ccdd47985dec82bf24a7514db8df605b1faeca65f7dff4cedf6b48defdf9de1662f0ff367d1eab1cedbc5826c31df26110dbe3d86a9dba2c7dbd882a473b659e

C:\Program Files (x86)\CLaunch\ClHook.dll

MD5 e57badcdab32d4adf1d8d68cbc2acd06
SHA1 bae2ff80bf04331456e3904a784fe8029094c8d1
SHA256 0be6b179cbb452616ce3b828e8d207f6693b5763d93ca50194ec6d2744b057e6
SHA512 a9c1e8bdd4bb6306fd5c7d494f274f09fe5797bc52c60e1288f7bb09b9f15690eef077f95b7a1a58cf16ab00c8096f2577a78475ce8525786ad4061206e76851

C:\Program Files (x86)\CLaunch\Docs\CLaunch_ja.chm

MD5 ca29dfa10fe1b8dbc12b45364af33f18
SHA1 c9e599b2cea93f1585ffdf5a45ad4de52c271278
SHA256 586ca0d164a2611870a62f12e0452bd09025efc03340904a030347586f80ff40
SHA512 a1985678a33698c6190a09b8986765242657f48d409ad137ee508f516923439137a34b6ec7f43ed5afaf3f8ba895124b02a2012b12824e2e34bc77b9760347ce

C:\Program Files (x86)\CLaunch\ClAdmin.exe

MD5 128351cc939df45b8c36f556e797c82e
SHA1 4601db67a6ba316a11eef43beda3f833dc795cd7
SHA256 58f4e77115976010eed4cee481b910f928b3f8b4e67d4b7d1adff1a0e0aac49f
SHA512 a260353413da0c76279870ccfafb13e4314bcd0972128985128bae79b35db38ce9f70c5ae21cee55649096c71d22184c76b9cf75d4c60567e56c2bb091b1a965

C:\Program Files (x86)\CLaunch\CLaunch.exe

MD5 92642a29ac1e5344adba7f359f4b027f
SHA1 a8c6c68c231e202220fdb922f3bb87b787df6e1a
SHA256 1233508594ec70e604d6b5ed0a31dbc49021123b811ed1fd72d38934f61ce195
SHA512 9b2935e0a81b507dca7a91e02ef7e2dbd54c8075e90fcfb995b369afff27666b1146d9a385377c9707b712d369fcf20fe086a331286c2a65061bc0960d9f31ad