Analysis Overview
SHA256
651365c5bc0e6c61e9941e7bdc0bb505dec10d4c00efffbf217586ab33ced21f
Threat Level: Shows suspicious behavior
Verdict for 651365c5bc0e6c61e9941e7bdc0bb505dec10d4c00efffbf217586ab33ced21f: shows suspicious behavior. No signature in this report ties the sample to a named malware family; the findings below are generic behaviours (dropped-file execution, Program Files writes, privilege adjustment, a Windows hook, locale and storage discovery) collected across two Windows 7 and two Windows 10 detonations, which must be weighed against what the dropped files actually are.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Checks installed software on the system
Drops file in Program Files directory
One or more HTTP URLs in qr code identified
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-26 19:28
Signatures
One or more HTTP URLs in qr code identified
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 19:28
Reported
2024-10-26 19:30
Platform
win7-20241010-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\!果核剥壳 - 全网更新最快.url"
(rundll32 calling the OpenURL export of ieframe.dll on an Internet Shortcut in the user's Temp directory. The shortcut's name is Chinese, roughly "果核剥壳 - fastest updates on the whole web", 果核剥壳 being the name of a Chinese software-download site. The report does not show the shortcut's target; this Windows 7 run recorded no network activity, and the Windows 10 run of the same command in behavioral2 recorded only reverse-DNS lookups and Bing CDN traffic.)
Network
Files
memory/2880-0-0x0000000000420000-0x0000000000421000-memory.dmp
memory/2880-1-0x0000000000420000-0x0000000000421000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-26 19:28
Reported
2024-10-26 19:30
Platform
win10v2004-20241007-en
Max time kernel
131s
Max time network
136s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\!果核剥壳 - 全网更新最快.url"
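Both runs of the shortcut (behavioral1 and behavioral2) execute the same command: rundll32 loading ieframe.dll and calling its OpenURL export on a .url file in the user's Temp directory. The report does not show the shortcut's contents. The Python below is added here as an example and is not code from the sandbox vendor or from the analysed file. It does the two things an analyst wants at this point: flag that rundll32 pattern in a command-line feed (REPORT_CMDLINE is the command line from this report) and parse a .url body to show where it points before anyone opens it. SAMPLE_URL_BODY, the 203.0.113.9 share and the example.invalid URL are constructed for illustration and say nothing about the real shortcut.

```python
"""Detection helpers for the rundll32 / ieframe.dll,OpenURL pattern in this report.

Added example; not code from the sandbox vendor or from the analysed file.
REPORT_CMDLINE is the command line recorded in behavioral1/behavioral2.
SAMPLE_URL_BODY is constructed: the report does not show the shortcut's contents.
"""
import re
from typing import Dict, List, Optional

REPORT_CMDLINE = (
    r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL '
    r'"C:\Users\Admin\AppData\Local\Temp\!果核剥壳 - 全网更新最快.url"'
)

# rundll32 [path\]ieframe.dll,OpenURL <target>; quoting is optional around each part.
OPENURL_RE = re.compile(
    r'^"?(?P<exe>(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?)"?\s+'
    r'"?(?P<dll>[^",]*ieframe\.dll)"?\s*,\s*OpenURL\s+'
    r'"?(?P<target>[^"]+?)"?\s*$',
    re.IGNORECASE,
)
# Locations an unprivileged user (or an unpacked download) can write to.
USER_WRITABLE = re.compile(
    r'\\(?:AppData\\Local\\Temp|Downloads|Desktop|Public)\\', re.IGNORECASE
)


def classify_rundll32(cmdline: str) -> Optional[Dict[str, object]]:
    """Return the parts of an ieframe.dll,OpenURL launch, or None for other command lines."""
    m = OPENURL_RE.match(cmdline.strip())
    if not m:
        return None
    target = m.group("target")
    return {
        "exe": m.group("exe"),
        "dll": m.group("dll"),
        "target": target,
        "is_url_shortcut": target.lower().endswith(".url"),
        "from_user_writable": bool(USER_WRITABLE.search(target)),
    }


def is_suspicious_openurl(cmdline: str) -> bool:
    """True when OpenURL is pointed at a .url shortcut in a user-writable directory."""
    info = classify_rundll32(cmdline)
    return bool(info and info["is_url_shortcut"] and info["from_user_writable"])


def parse_internet_shortcut(body: str) -> Dict[str, str]:
    """Return the key/value pairs of the [InternetShortcut] section of a .url file."""
    section, keys = None, {}
    for raw in body.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            keys[key.strip()] = value.strip()
    return keys


def shortcut_findings(body: str) -> List[str]:
    """What an analyst wants to know about a .url body before it is opened."""
    keys = parse_internet_shortcut(body)
    findings = []
    url = keys.get("URL", "")
    if url.lower().startswith(("http://", "https://")):
        findings.append(f"opens web URL {url}")
    elif url.lower().startswith("file:") or url.startswith("\\\\"):
        findings.append(f"opens local or UNC path {url}")
    icon = keys.get("IconFile", "")
    if icon.startswith("\\\\"):
        # Explorer fetches the icon from the share when the folder is rendered,
        # so a remote IconFile means an outbound SMB connection before any click.
        findings.append(f"IconFile on remote share {icon}")
    return findings


# Constructed .url body; the share address and URL are documentation values.
SAMPLE_URL_BODY = (
    "[InternetShortcut]\r\n"
    "URL=https://example.invalid/landing\r\n"
    "IconFile=\\\\203.0.113.9\\share\\icon.ico\r\n"
    "IconIndex=0\r\n"
)

if __name__ == "__main__":
    print(classify_rundll32(REPORT_CMDLINE))
    print("suspicious:", is_suspicious_openurl(REPORT_CMDLINE))
    for finding in shortcut_findings(SAMPLE_URL_BODY):
        print("-", finding)
```

The command-line check is deliberately narrow (ieframe.dll, OpenURL, a .url target under a user-writable path) so it can run as a high-precision rule over Sysmon event 1 or EDR process-creation data; the shortcut parser is what to run on the dropped file itself, since the sandbox only tells you that it was opened.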
Network
Every row below is either a reverse-DNS (PTR) lookup sent to 8.8.8.8 or a connection to tse1.mm.bing.net, a Microsoft CDN host that clean Windows 10 sandbox images typically contact on their own; the report attributes none of it to rundll32. Note that the PTR row for 10.27.171.150.in-addr.arpa is the reverse lookup of the 150.171.27.10 address connected to in the rows above it.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-26 19:28
Reported
2024-10-26 19:30
Platform
win7-20240903-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\CLaunch\Docs\CLaunch_ja.chm | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Docs\CLaunch_ja.chm | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\Language.ini | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\Language.ini | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\Spanish.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Skins\Vista-style.zip | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\ClAdmin.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\English.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\Spanish.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Skins\Solid Black.zip | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Skins\Vista-style.zip | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\Chinese_t.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Docs\CLaunch_en.chm | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Setup.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\ClHook.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\ClAdmin.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\Chinese.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Skins\Glass.zip | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Skins\Glass.zip | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\CLaunch.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\Korean.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\Korean.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\Russian.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\CLaunch.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Setup.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Docs\CLaunch_en.chm | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\English.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\ClHook.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\Chinese_t.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\Russian.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Skins\Solid Black.zip | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\Chinese.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
Suspicious use of AdjustPrivilegeToken
setup.exe enables SeBackupPrivilege and SeRestorePrivilege (twice each). These let a process bypass file and registry ACLs for backup-style reads and writes; installers commonly enable them before writing under Program Files, which is what the table above shows, but the same pair is what credential-dumping tools enable to read protected hives, so confirm the requesting process is the installer you expect.
| Description | Indicator | Process | Target |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe"
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe
"C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Setup.exe
| MD5 | 19d9735f791e35894e2ac444dc7f0660 |
| SHA1 | 1a0c9ac76ce26ee96edfe81de3e41d33f2d24ec1 |
| SHA256 | 00c8fafb1785050756496155bf6a6f070d965b0ceeec6ed2cbc41fdc52e09ace |
| SHA512 | 1a2e639eec221a79be1966956b494850ba33ac114d68e38a57cdbef784346a930181d313f456c325a014e051f928489529901289b0c8205efe528077968249eb |
\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\English.dll
| MD5 | 0dc89a0461c29bd2dcefcd6f25d9ae39 |
| SHA1 | 5a34df0f8047e488dfa3dd816557fc1a11e62c6e |
| SHA256 | aa8be1cf26040eb620eec8e26294ee938d1059ef815865459c64dda88a7a19da |
| SHA512 | a370d66c03f1b7e80838ef102a944ee301d504f66cb8114fb03f79717edf26361ed864aabaf7497bdf01b1314cd6b87d66c1c7db7e8a18ed0a41c42850cc45e6 |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\Language.ini
| MD5 | 06207469b4aaaa298793e796f615c696 |
| SHA1 | 540452d3b383dcf4551178c32fbfcd3d445eec80 |
| SHA256 | 46403b7b5e394569d5f4034fb4c7281eb6ee881e4d897c45dd447cb08d7ed240 |
| SHA512 | 52f812874d1fd0b344f794d4dfa531fb30bfa3e604d6d37fe49df953e2c14d3791f19345291c98a4574e8a2a2517d27dbc0ff3b4d3aa9974b6349fc7f06e23e6 |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\CLaunch.exe
| MD5 | 92642a29ac1e5344adba7f359f4b027f |
| SHA1 | a8c6c68c231e202220fdb922f3bb87b787df6e1a |
| SHA256 | 1233508594ec70e604d6b5ed0a31dbc49021123b811ed1fd72d38934f61ce195 |
| SHA512 | 9b2935e0a81b507dca7a91e02ef7e2dbd54c8075e90fcfb995b369afff27666b1146d9a385377c9707b712d369fcf20fe086a331286c2a65061bc0960d9f31ad |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\ClHook.dll
| MD5 | e57badcdab32d4adf1d8d68cbc2acd06 |
| SHA1 | bae2ff80bf04331456e3904a784fe8029094c8d1 |
| SHA256 | 0be6b179cbb452616ce3b828e8d207f6693b5763d93ca50194ec6d2744b057e6 |
| SHA512 | a9c1e8bdd4bb6306fd5c7d494f274f09fe5797bc52c60e1288f7bb09b9f15690eef077f95b7a1a58cf16ab00c8096f2577a78475ce8525786ad4061206e76851 |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\ClAdmin.exe
| MD5 | 128351cc939df45b8c36f556e797c82e |
| SHA1 | 4601db67a6ba316a11eef43beda3f833dc795cd7 |
| SHA256 | 58f4e77115976010eed4cee481b910f928b3f8b4e67d4b7d1adff1a0e0aac49f |
| SHA512 | a260353413da0c76279870ccfafb13e4314bcd0972128985128bae79b35db38ce9f70c5ae21cee55649096c71d22184c76b9cf75d4c60567e56c2bb091b1a965 |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Docs\CLaunch_en.chm
| MD5 | 9d41f99aaf945634b9b73169cc0fc82e |
| SHA1 | 80164234ee85287d4e1ea94bf20f1b76d7411927 |
| SHA256 | da6e54b354a95a90661b713ead1f62c597d368276242b48cbf56287434dcfadd |
| SHA512 | 27505ff03afecead3cf576392cac929f21cf88e4eedf95a231470f81996bd2c70359ba867230e9e90330f42da783fc5791f2488d2937f73e63cbbd745d0f88a2 |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Docs\CLaunch_ja.chm
| MD5 | ca29dfa10fe1b8dbc12b45364af33f18 |
| SHA1 | c9e599b2cea93f1585ffdf5a45ad4de52c271278 |
| SHA256 | 586ca0d164a2611870a62f12e0452bd09025efc03340904a030347586f80ff40 |
| SHA512 | a1985678a33698c6190a09b8986765242657f48d409ad137ee508f516923439137a34b6ec7f43ed5afaf3f8ba895124b02a2012b12824e2e34bc77b9760347ce |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\Chinese.dll
| MD5 | ee709bd544cf6dee9c804d85c53d35f4 |
| SHA1 | 2ada1c46fd740bd52c7aacacf2953e787ec3558b |
| SHA256 | ad3c58385f26ec8f87040c474ceb372a7323def350d088ea878112f44c94abef |
| SHA512 | 6ea9dc95f3330b710054ec6a31081d4e5c41fb377f6e0347070a5b5d8c18a7d65cd4c837aee19ca0a31ce68acd2fe9c303d4f57cb152689c3f3a5bea11e7aea1 |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\Chinese_t.dll
| MD5 | 6ef531f8f59bc7bf2bb2664702b7d155 |
| SHA1 | e6e0220075b9dfaf773b0106a0ce1885be863126 |
| SHA256 | 6a14c61709f2cab5354032e547f61302b1c5beb7e38f9ebcbfa3aa514030d946 |
| SHA512 | a23d176fcf8cdaa342e03148f4b1a68e6577466efb65fc7421db455274132310afa2761e69a58badde34dca7cf9ea9b3426043be72a3741a7476bf156e7deeb1 |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\Korean.dll
| MD5 | 73bb3a4b84d17f40b8308f45afaad7a7 |
| SHA1 | d9b6459aa1b561fafda764ec91110aa6d5fdce53 |
| SHA256 | a706f32a3b55c6f226e56d144b37754ea07f4a3e69b055b3253174a895bc0169 |
| SHA512 | ccdd47985dec82bf24a7514db8df605b1faeca65f7dff4cedf6b48defdf9de1662f0ff367d1eab1cedbc5826c31df26110dbe3d86a9dba2c7dbd882a473b659e |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Skins\Glass.zip
| MD5 | b02daf92c40ec61e3cf1f45f1e3ca594 |
| SHA1 | 2e08b2ad8189ecb7c1bde82121e15bffef769f8a |
| SHA256 | 5055d3f3e129bd19166a88ced9a0701ae6e4fc7e6c75a0fd20e29ac13354abc3 |
| SHA512 | 7bf8e97c2d378073f8e7c51645ae0f2a1a9cfb0616b47eda865adb7927775bd6ce9d2a8dd0cdfbb32644260aaa020ec3e09a1b53fe3d3b85f458f617f46217db |
C:\Program Files (x86)\CLaunch\Skins\Vista-style.zip
| MD5 | b1d11a0e05a30766a19cdcb669ef140f |
| SHA1 | 970712d951eac2cd7e5e3e79e0694b5b5b6101ca |
| SHA256 | f483b36404ca48e86ef8a9c2353a69774b3e506e57e97a14a1c9393a8193bcc1 |
| SHA512 | 5f675dec0908ca334323e923fcac62b0603bbca1801eff04b94dc79ac595320bfabccca7c78560c3601bd64b9e0fd21c0d6ffd6f7b5f7a68c1892ebc435e972f |
C:\Program Files (x86)\CLaunch\Skins\Solid Black.zip
| MD5 | 3b943c8e146c28ef23770b4bcb4e1b1e |
| SHA1 | 1fb1675f048a6dfecf38e9c1d144adbd497cf1cc |
| SHA256 | f481d0971913b8382e363ba21c4995b861063a38a2c26f9b3faa20846ed00bfc |
| SHA512 | a84b91a2da6d5c33ff898b7e3eb606e3fdb8663fede0ff498a95728eeab705a9687669af4cdfa28248eace9ea615371e098d2602d48413fa6f568c28f1c830be |
C:\Program Files (x86)\CLaunch\Languages\Spanish.dll
| MD5 | 8b6dc6ea1f2f025cdc786fee9cf72bb8 |
| SHA1 | 1385a5fc3373efc3189b188316415435aa3777dc |
| SHA256 | defe49de8a56a35af7109b0edeadff13ad6aaedb38d6754cc7af8672d25ed72e |
| SHA512 | e188a2dbb901321ccbbba43b6218e6d2c8b9a13c2b91d88f0d3cf6f43880f295cf636fa97c16ae9a3ca02cafe37a6f0246dca240ca426e168315501e955115c0 |
C:\Program Files (x86)\CLaunch\Languages\Russian.dll
| MD5 | 7ab6b4f92404df446a28bbadca915062 |
| SHA1 | 837cf40b429fb7225f09ac000bbdb66c1a5b045a |
| SHA256 | 1f6c50da7042f0b55e1ba7e09264d3313a8d033259b8d3cb960ed6b16fad888f |
| SHA512 | ebca6f7eafdf71fbc5e1875a3d7aef653fc0677890e8c42a55aa5458ffbbf25c6443a8d2f3e44ee1346427745f2b3d640a665689e4f792a2056c851366b7237a |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-26 19:28
Reported
2024-10-26 19:30
Platform
win10v2004-20241007-en
Max time kernel
130s
Max time network
149s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\CLaunch\Skins\Glass.zip | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Skins\Solid Black.zip | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\CLaunch.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\ClAdmin.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Docs\CLaunch_en.chm | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\Language.ini | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Skins\Vista-style.zip | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\Chinese.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\English.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\Korean.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\Russian.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\CLaunch.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Setup.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\Korean.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\Language.ini | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\Spanish.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Skins\Glass.zip | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Skins\Solid Black.zip | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Skins\Vista-style.zip | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Docs\CLaunch_en.chm | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Docs\CLaunch_ja.chm | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\Chinese_t.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\Russian.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\Chinese.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\Chinese_t.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\ClHook.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\ClHook.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Setup.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Docs\CLaunch_ja.chm | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\ClAdmin.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File created | C:\Program Files (x86)\CLaunch\Languages\English.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CLaunch\Languages\Spanish.dll | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe | N/A |
Suspicious use of WriteProcessMemory
The writer (PID 4088) is the outer CLaunch_v4.0.4_32Bit_Setup.exe and the target (PID 1136) is the setup.exe it had just extracted to the ~CLaunch_v4.0.4_32Bit_Setup.exe\ folder and launched: a parent writing into its own child at start-up, as a self-extracting wrapper does, rather than into an unrelated process. A write into a pre-existing process such as explorer.exe or a browser would change the picture; this run shows none.
| Description | Indicator | Process | Target |
| PID 4088 wrote to memory of 1136 | N/A | C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe |
| PID 4088 wrote to memory of 1136 | N/A | C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe |
| PID 4088 wrote to memory of 1136 | N/A | C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe | C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\CLaunch_v4.0.4_32Bit_Setup.exe"
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe
"C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\setup.exe"
Network
Same pattern as behavioral2: PTR lookups via 8.8.8.8 and tse1.mm.bing.net on 150.171.27.10:443. No row is attributed to the installer or to setup.exe, and the Windows 7 run of the installer (behavioral3) recorded no network activity at all.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
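The two Windows 10 tables (behavioral2 and this one) consist entirely of PTR lookups sent to 8.8.8.8 and traffic to tse1.mm.bing.net, and the report attributes none of it to a process. Before reading such a table as "the sample beaconed", strip what the image does by itself. The Python below is added here as an example and is not part of the sandbox's tooling: it parses the table rows, folds each reverse lookup back to the address it names, marks known background hosts, and reports only what is left, plus the addresses that were both reverse-resolved and connected to. The background-host set is an assumption to be built from your own clean baseline runs; SAMPLE_TABLE holds rows copied from this report's behavioral2 and behavioral4 tables plus one constructed row (203.0.113.7, update.example.invalid) so that the "unexplained" bucket is not empty.

```python
"""Triage a sandbox Network table: separate reverse-DNS noise and known background
hosts from destinations that still need explaining.

Added example; not part of the sandbox report. SAMPLE_TABLE rows are copied from
this report's behavioral2/behavioral4 tables plus one constructed row
(203.0.113.7 / update.example.invalid) to show a destination that gets surfaced.
"""
import re
from typing import Dict, List, Set, Tuple

# Assumption: hosts a clean Windows 10 image contacts on its own (tse1.mm.bing.net
# is the Bing image CDN used by the Start/search UI). Build this from baseline runs.
BACKGROUND_DOMAINS = {"tse1.mm.bing.net"}

ROW_RE = re.compile(r"^\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|$")
PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$", re.I)

Row = Tuple[str, str, str, str]  # country, destination, domain, proto


def parse_rows(table: str) -> List[Row]:
    """Markdown-style rows into tuples, skipping the header."""
    rows = []
    for line in table.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m and m.group(1) != "Country":
            rows.append(m.groups())
    return rows


def ptr_to_ip(name: str) -> str:
    """'10.27.171.150.in-addr.arpa' -> '150.171.27.10'; '' if not a PTR name."""
    m = PTR_RE.match(name)
    return ".".join(reversed(m.groups())) if m else ""


def classify(row: Row) -> Tuple[str, str]:
    """Bucket name and a de-duplication key for one row."""
    _country, dest, domain, proto = row
    ip = ptr_to_ip(domain)
    if ip:
        return "ptr_lookup", ip
    if domain in BACKGROUND_DOMAINS:
        return "background", domain
    return "unexplained", f"{domain} -> {dest}/{proto}"


def triage(table: str) -> Dict[str, List[str]]:
    """Bucket every row, collapsing repeated connections to the same place."""
    buckets: Dict[str, List[str]] = {"ptr_lookup": [], "background": [], "unexplained": []}
    for row in parse_rows(table):
        kind, detail = classify(row)
        if detail not in buckets[kind]:
            buckets[kind].append(detail)
    return buckets


def ptr_lookups_with_connections(table: str) -> Set[str]:
    """Addresses that were both reverse-resolved and connected to (DNS server excluded)."""
    rows = parse_rows(table)
    connected = {dest.rsplit(":", 1)[0] for _, dest, _, _ in rows if not dest.endswith(":53")}
    resolved = {ptr_to_ip(domain) for _, _, domain, _ in rows if ptr_to_ip(domain)}
    return connected & resolved


SAMPLE_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| NL | 203.0.113.7:443 | update.example.invalid | tcp |
"""

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_TABLE).items():
        print(f"{kind}: {items}")
    print("resolved and connected:", ptr_lookups_with_connections(SAMPLE_TABLE))
```

On the report's own rows the "unexplained" bucket comes out empty, which is the honest summary of these two tables; the PTR bucket is still worth a glance, because the addresses Windows reverse-resolves are ones it has just talked to, so a PTR lookup for an address that appears nowhere else in the table is a hint that a connection was missed or filtered.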
Files
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Setup.exe
| MD5 | 19d9735f791e35894e2ac444dc7f0660 |
| SHA1 | 1a0c9ac76ce26ee96edfe81de3e41d33f2d24ec1 |
| SHA256 | 00c8fafb1785050756496155bf6a6f070d965b0ceeec6ed2cbc41fdc52e09ace |
| SHA512 | 1a2e639eec221a79be1966956b494850ba33ac114d68e38a57cdbef784346a930181d313f456c325a014e051f928489529901289b0c8205efe528077968249eb |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\Language.ini
| MD5 | 06207469b4aaaa298793e796f615c696 |
| SHA1 | 540452d3b383dcf4551178c32fbfcd3d445eec80 |
| SHA256 | 46403b7b5e394569d5f4034fb4c7281eb6ee881e4d897c45dd447cb08d7ed240 |
| SHA512 | 52f812874d1fd0b344f794d4dfa531fb30bfa3e604d6d37fe49df953e2c14d3791f19345291c98a4574e8a2a2517d27dbc0ff3b4d3aa9974b6349fc7f06e23e6 |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\English.dll
| MD5 | 0dc89a0461c29bd2dcefcd6f25d9ae39 |
| SHA1 | 5a34df0f8047e488dfa3dd816557fc1a11e62c6e |
| SHA256 | aa8be1cf26040eb620eec8e26294ee938d1059ef815865459c64dda88a7a19da |
| SHA512 | a370d66c03f1b7e80838ef102a944ee301d504f66cb8114fb03f79717edf26361ed864aabaf7497bdf01b1314cd6b87d66c1c7db7e8a18ed0a41c42850cc45e6 |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Docs\CLaunch_en.chm
| MD5 | 9d41f99aaf945634b9b73169cc0fc82e |
| SHA1 | 80164234ee85287d4e1ea94bf20f1b76d7411927 |
| SHA256 | da6e54b354a95a90661b713ead1f62c597d368276242b48cbf56287434dcfadd |
| SHA512 | 27505ff03afecead3cf576392cac929f21cf88e4eedf95a231470f81996bd2c70359ba867230e9e90330f42da783fc5791f2488d2937f73e63cbbd745d0f88a2 |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Languages\Chinese_t.dll
| MD5 | 6ef531f8f59bc7bf2bb2664702b7d155 |
| SHA1 | e6e0220075b9dfaf773b0106a0ce1885be863126 |
| SHA256 | 6a14c61709f2cab5354032e547f61302b1c5beb7e38f9ebcbfa3aa514030d946 |
| SHA512 | a23d176fcf8cdaa342e03148f4b1a68e6577466efb65fc7421db455274132310afa2761e69a58badde34dca7cf9ea9b3426043be72a3741a7476bf156e7deeb1 |
C:\Program Files (x86)\CLaunch\Languages\Chinese.dll
| MD5 | ee709bd544cf6dee9c804d85c53d35f4 |
| SHA1 | 2ada1c46fd740bd52c7aacacf2953e787ec3558b |
| SHA256 | ad3c58385f26ec8f87040c474ceb372a7323def350d088ea878112f44c94abef |
| SHA512 | 6ea9dc95f3330b710054ec6a31081d4e5c41fb377f6e0347070a5b5d8c18a7d65cd4c837aee19ca0a31ce68acd2fe9c303d4f57cb152689c3f3a5bea11e7aea1 |
C:\Program Files (x86)\CLaunch\Skins\Vista-style.zip
| MD5 | b1d11a0e05a30766a19cdcb669ef140f |
| SHA1 | 970712d951eac2cd7e5e3e79e0694b5b5b6101ca |
| SHA256 | f483b36404ca48e86ef8a9c2353a69774b3e506e57e97a14a1c9393a8193bcc1 |
| SHA512 | 5f675dec0908ca334323e923fcac62b0603bbca1801eff04b94dc79ac595320bfabccca7c78560c3601bd64b9e0fd21c0d6ffd6f7b5f7a68c1892ebc435e972f |
C:\Program Files (x86)\CLaunch\Skins\Solid Black.zip
| MD5 | 3b943c8e146c28ef23770b4bcb4e1b1e |
| SHA1 | 1fb1675f048a6dfecf38e9c1d144adbd497cf1cc |
| SHA256 | f481d0971913b8382e363ba21c4995b861063a38a2c26f9b3faa20846ed00bfc |
| SHA512 | a84b91a2da6d5c33ff898b7e3eb606e3fdb8663fede0ff498a95728eeab705a9687669af4cdfa28248eace9ea615371e098d2602d48413fa6f568c28f1c830be |
C:\Program Files (x86)\CLaunch\Skins\Glass.zip
| MD5 | b02daf92c40ec61e3cf1f45f1e3ca594 |
| SHA1 | 2e08b2ad8189ecb7c1bde82121e15bffef769f8a |
| SHA256 | 5055d3f3e129bd19166a88ced9a0701ae6e4fc7e6c75a0fd20e29ac13354abc3 |
| SHA512 | 7bf8e97c2d378073f8e7c51645ae0f2a1a9cfb0616b47eda865adb7927775bd6ce9d2a8dd0cdfbb32644260aaa020ec3e09a1b53fe3d3b85f458f617f46217db |
C:\Program Files (x86)\CLaunch\Languages\Spanish.dll
| MD5 | 8b6dc6ea1f2f025cdc786fee9cf72bb8 |
| SHA1 | 1385a5fc3373efc3189b188316415435aa3777dc |
| SHA256 | defe49de8a56a35af7109b0edeadff13ad6aaedb38d6754cc7af8672d25ed72e |
| SHA512 | e188a2dbb901321ccbbba43b6218e6d2c8b9a13c2b91d88f0d3cf6f43880f295cf636fa97c16ae9a3ca02cafe37a6f0246dca240ca426e168315501e955115c0 |
C:\Program Files (x86)\CLaunch\Languages\Russian.dll
| MD5 | 7ab6b4f92404df446a28bbadca915062 |
| SHA1 | 837cf40b429fb7225f09ac000bbdb66c1a5b045a |
| SHA256 | 1f6c50da7042f0b55e1ba7e09264d3313a8d033259b8d3cb960ed6b16fad888f |
| SHA512 | ebca6f7eafdf71fbc5e1875a3d7aef653fc0677890e8c42a55aa5458ffbbf25c6443a8d2f3e44ee1346427745f2b3d640a665689e4f792a2056c851366b7237a |
C:\Program Files (x86)\CLaunch\Languages\Korean.dll
| MD5 | 73bb3a4b84d17f40b8308f45afaad7a7 |
| SHA1 | d9b6459aa1b561fafda764ec91110aa6d5fdce53 |
| SHA256 | a706f32a3b55c6f226e56d144b37754ea07f4a3e69b055b3253174a895bc0169 |
| SHA512 | ccdd47985dec82bf24a7514db8df605b1faeca65f7dff4cedf6b48defdf9de1662f0ff367d1eab1cedbc5826c31df26110dbe3d86a9dba2c7dbd882a473b659e |
C:\Program Files (x86)\CLaunch\ClHook.dll
| MD5 | e57badcdab32d4adf1d8d68cbc2acd06 |
| SHA1 | bae2ff80bf04331456e3904a784fe8029094c8d1 |
| SHA256 | 0be6b179cbb452616ce3b828e8d207f6693b5763d93ca50194ec6d2744b057e6 |
| SHA512 | a9c1e8bdd4bb6306fd5c7d494f274f09fe5797bc52c60e1288f7bb09b9f15690eef077f95b7a1a58cf16ab00c8096f2577a78475ce8525786ad4061206e76851 |
C:\Program Files (x86)\CLaunch\Docs\CLaunch_ja.chm
| MD5 | ca29dfa10fe1b8dbc12b45364af33f18 |
| SHA1 | c9e599b2cea93f1585ffdf5a45ad4de52c271278 |
| SHA256 | 586ca0d164a2611870a62f12e0452bd09025efc03340904a030347586f80ff40 |
| SHA512 | a1985678a33698c6190a09b8986765242657f48d409ad137ee508f516923439137a34b6ec7f43ed5afaf3f8ba895124b02a2012b12824e2e34bc77b9760347ce |
C:\Program Files (x86)\CLaunch\ClAdmin.exe
| MD5 | 128351cc939df45b8c36f556e797c82e |
| SHA1 | 4601db67a6ba316a11eef43beda3f833dc795cd7 |
| SHA256 | 58f4e77115976010eed4cee481b910f928b3f8b4e67d4b7d1adff1a0e0aac49f |
| SHA512 | a260353413da0c76279870ccfafb13e4314bcd0972128985128bae79b35db38ce9f70c5ae21cee55649096c71d22184c76b9cf75d4c60567e56c2bb091b1a965 |
C:\Program Files (x86)\CLaunch\CLaunch.exe
| MD5 | 92642a29ac1e5344adba7f359f4b027f |
| SHA1 | a8c6c68c231e202220fdb922f3bb87b787df6e1a |
| SHA256 | 1233508594ec70e604d6b5ed0a31dbc49021123b811ed1fd72d38934f61ce195 |
| SHA512 | 9b2935e0a81b507dca7a91e02ef7e2dbd54c8075e90fcfb995b369afff27666b1146d9a385377c9707b712d369fcf20fe086a331286c2a65061bc0960d9f31ad |
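Each behavioral run lists every dropped file with four digests, and the same bytes appear under both the Temp extraction folder and Program Files (x86)\CLaunch, so the two runs together yield far fewer distinct artefacts than rows. The Python below is added here as an example and is not part of the sandbox report or of CLaunch: it parses these Files tables into records, collapses them to one entry per SHA256 with every path the bytes were seen at, and hashes a local file in a single pass to check it against a record. REPORT_FILES_EXCERPT holds four entries copied from behavioral3 and behavioral4; the file that demo_verify() writes is constructed.

```python
"""Build a hash IOC set from the Files sections of this report and verify a copy on disk.

Added example; not part of the sandbox report or of CLaunch. REPORT_FILES_EXCERPT
holds four entries copied from behavioral3 and behavioral4; demo_verify() writes a
constructed file, not a real dropped one.
"""
import hashlib
import os
import re
import tempfile
from typing import Dict, List, Tuple

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_files_section(text: str) -> List[Dict[str, str]]:
    """A path line followed by | ALG | hex | rows becomes one record per path."""
    records: List[Dict[str, str]] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m and current is not None:
            alg, digest = m.group(1), m.group(2).lower()
            if len(digest) != HEX_LEN[alg]:  # catch truncated copy/paste early
                raise ValueError(f"{current['path']}: {alg} has {len(digest)} hex digits")
            current[alg] = digest
        elif not line.startswith("|"):
            current = {"path": line}
            records.append(current)
    return records


def by_sha256(records: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """One entry per distinct SHA256, listing every path the same bytes were seen at."""
    index: Dict[str, List[str]] = {}
    for r in records:
        paths = index.setdefault(r["SHA256"], [])
        if r["path"] not in paths:
            paths.append(r["path"])
    return index


def hash_file(path: str) -> Dict[str, str]:
    """Compute all four digests in a single pass over the file."""
    hashers = {alg: hashlib.new(alg.lower()) for alg in HEX_LEN}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify(path: str, expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result for a local file against a report record."""
    actual = hash_file(path)
    return {alg: actual[alg] == expected[alg].lower() for alg in HEX_LEN if alg in expected}


def demo_verify() -> Tuple[bool, bool]:
    """Verify a constructed file, then overwrite its first byte and verify again."""
    data = b"constructed sample bytes, not a real dropped file\n"
    expected = {alg: hashlib.new(alg.lower(), data).hexdigest() for alg in HEX_LEN}
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        intact = all(verify(path, expected).values())
        with open(path, "r+b") as f:
            f.write(b"X")
        tampered = all(verify(path, expected).values())
    finally:
        os.unlink(path)
    return intact, tampered


REPORT_FILES_EXCERPT = r"""
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Setup.exe
| MD5 | 19d9735f791e35894e2ac444dc7f0660 |
| SHA1 | 1a0c9ac76ce26ee96edfe81de3e41d33f2d24ec1 |
| SHA256 | 00c8fafb1785050756496155bf6a6f070d965b0ceeec6ed2cbc41fdc52e09ace |
| SHA512 | 1a2e639eec221a79be1966956b494850ba33ac114d68e38a57cdbef784346a930181d313f456c325a014e051f928489529901289b0c8205efe528077968249eb |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Setup.exe
| MD5 | 19d9735f791e35894e2ac444dc7f0660 |
| SHA1 | 1a0c9ac76ce26ee96edfe81de3e41d33f2d24ec1 |
| SHA256 | 00c8fafb1785050756496155bf6a6f070d965b0ceeec6ed2cbc41fdc52e09ace |
| SHA512 | 1a2e639eec221a79be1966956b494850ba33ac114d68e38a57cdbef784346a930181d313f456c325a014e051f928489529901289b0c8205efe528077968249eb |
C:\Users\Admin\AppData\Local\Temp\~CLaunch_v4.0.4_32Bit_Setup.exe\Skins\Glass.zip
| MD5 | b02daf92c40ec61e3cf1f45f1e3ca594 |
| SHA1 | 2e08b2ad8189ecb7c1bde82121e15bffef769f8a |
| SHA256 | 5055d3f3e129bd19166a88ced9a0701ae6e4fc7e6c75a0fd20e29ac13354abc3 |
| SHA512 | 7bf8e97c2d378073f8e7c51645ae0f2a1a9cfb0616b47eda865adb7927775bd6ce9d2a8dd0cdfbb32644260aaa020ec3e09a1b53fe3d3b85f458f617f46217db |
C:\Program Files (x86)\CLaunch\Skins\Glass.zip
| MD5 | b02daf92c40ec61e3cf1f45f1e3ca594 |
| SHA1 | 2e08b2ad8189ecb7c1bde82121e15bffef769f8a |
| SHA256 | 5055d3f3e129bd19166a88ced9a0701ae6e4fc7e6c75a0fd20e29ac13354abc3 |
| SHA512 | 7bf8e97c2d378073f8e7c51645ae0f2a1a9cfb0616b47eda865adb7927775bd6ce9d2a8dd0cdfbb32644260aaa020ec3e09a1b53fe3d3b85f458f617f46217db |
"""

if __name__ == "__main__":
    for digest, paths in by_sha256(parse_files_section(REPORT_FILES_EXCERPT)).items():
        print(digest, paths)
    print("demo verify (intact, tampered):", demo_verify())
```

The by_sha256() index is the useful artefact: comparing the SHA256 of the CLaunch.exe, ClAdmin.exe and ClHook.dll dropped under Program Files against hashes taken from a known-good copy of the CLaunch installer is the check that separates a repackaged installer from a clean one, and the report on its own cannot make that call.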