Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/11/2024, 19:24

General

  • Target

    TLauncher.exe

  • Size

    2.7MB

  • MD5

    cb027aa142f066c4f4fb9de5ff6ff493

  • SHA1

    70a3ecaae4728c2a97c99f5fc7c12268e349ec91

  • SHA256

    682500d7ea4034f74fc2387b77a7a6cd3d6e06d6bd992ebbbb29978a33d1bd01

  • SHA512

    79a973dfd3c1a860a495672a07f6f17286cdbebe04492117d03cbcf9e3a383b8140102f2e6cf700bdbe9821f0ae93e5fe52c3604c1be593040e9cc64e76e576e

  • SSDEEP

    49152:q2qPl6Dm1WPOQCzCwiKc4ocySSca2d9UM22c5Yw/Vu/8BkRVvw:klq6aOQCuwiKc4ocyj2d6nYdLw

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1224
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:880
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:880 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2144

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

          Filesize

          252B

          MD5

          83f0690476c87494823e7af35949cab4

          SHA1

          021a4c8285c2e2dbfa427cc60a524f9ea6b29fe9

          SHA256

          561eeeb0bc5c1ce0f659177f818b1d717aaf971ec19c9ffb80557f4894d7f954

          SHA512

          48e6a2d10c9d308fe53c7a74d03fe7591f266a1d0d0c58d243bd8e105085b6df5d2bbe338a88b7ed3542d5491a25fa7a569ccb94d7b4f8cc584e4e3e4ed9d4fa

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          226b5fd26b353e8d30ad7fea2590eeef

          SHA1

          64f2f09377220ef2f5b92af26d7467ff6ec0c20a

          SHA256

          4fe03e5793b7ba0fe4fd37b0977d059a2bde81348d8c36863a67c7334e429997

          SHA512

          e22a0f84c6f944b3597863e2e73fa5ede24fd121138015d563ed3667f8f7c036d93c8777cb981270d5e950a73a8754b9efc908906054de70c2464683b4a9623f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          28394630997f13f92d696909b5252c19

          SHA1

          d72a8841f467986f004f56cda0e52dc94c195c8a

          SHA256

          29f2a15df8ffd95885254cf8d44e716eed478825dde3ef2bf4e3343eb289600c

          SHA512

          6551199302567477dd23d01dbd38440c861f7fe3c7abbe45a8202f771abf7e8e4502b424f0e2735bdc55773e3718b2add1ac20d281bd4f8cc6c1523c0a962164

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f15a72a50b6757f9395384479a2328c6

          SHA1

          11fd48281f84d171a433207b97cb5bfba934dbb4

          SHA256

          b5afcd1037c2599310ffb5e0a94284d576b3f011b88671b3c73c035bd2b64bdf

          SHA512

          ab32a9aa610e91d0401fd172aaf2aab35d111ea362d54d554c200c9fcfd820906b668b7a2ccaa9fc9c7eb0abf05358ddc13cd49f082bf46fa9e9494cfed29fc0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          cb047b0382225c29c8717d8bd282deb7

          SHA1

          917addab710ed4e100f7d108d8ea277c422c8cf8

          SHA256

          fe38898abd256a7f5aab9d201b89c4453952cd7a674088751fb1e3ae5be5ab9c

          SHA512

          c088cb1880fb9c6b7e370a4ee3e9590104582c89c94c38c9a60d96ce3c645c92029bcf4c05f76a054c8564ca2a38c13a3e3c3beb8788df0770f2e185aaa17e2f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          efc55639c243004e002f6dc4ec4c4c8a

          SHA1

          01ac79f9e0400d2a9393bceeaa67b3763274b615

          SHA256

          7eea3b72ca623c999e637dd98693b1bea7b676ea07102a8cb5b17c565a97b4c9

          SHA512

          7ac6249a6e73618bfa9ecf7fcd19d2cf39a737dc0f18e8de33c50ab68998ed095634003b88a841762e1ec91abedd9d0034d2076f503d63098159358c7edef6ac

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          259bc3b2996efc8321f48229716307b9

          SHA1

          cbde18b96dae0b7d85304f200926c93e31a50718

          SHA256

          ce954dfa7ea076d485dd520e0c8e5e672825a2030eb6cedf11e6e48a76d2ff5c

          SHA512

          6b4a8575e8557afe3ce868c5ca9fa63a62a44b359cfef3a27ec3d38a41435916e225a00a053a3b1f6ff644f20ffc8e727602fe3b70c405a1a7df7327b21a2abd

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          65db7ee0c1c2cd3a118d63abc0570ec0

          SHA1

          c32bcdb5da2d8d3d485a0c69eaca284a1ec373c7

          SHA256

          b53e806d49e031fe15d33e1de69cfe784cbd2dcb92ac656402cdbb23251b5291

          SHA512

          e0d6baa37ae9fa8eb738901351207982b07036c416ef6baeb2182b81c5099e26eff18df769ffe55f28f6953829ce9cb57ca3c1387ab22630d9c23512c063c2bc

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          eb55af77674f5c3f555343e6b12941c2

          SHA1

          d8d37015b291d762a72ffd9012a1c0e1da065cb2

          SHA256

          499099f47d31e0f858b4d25e50e8323077360629729edc16996d14549c3d4863

          SHA512

          1b59839bb4a0280f9d927b29105d7c1aa46e32b39fbc6322f2fbddf80f328b5459892bb4eb11211e0de77a810f5879a57af98e1e0d42817f4a0b9c731898d573

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4b49ce14a474bb39c21dce62abdeda79

          SHA1

          8655d536d84f52688144ad8d79aac2390099120b

          SHA256

          fca8d57135d31a14d38970bf51d4a334dc2e8e95c0d07bedee2851dc4612f49d

          SHA512

          8149c94f1f3b44452e75a487e21800ae3c05ca83cf0040333ecad8c42534bcc58e3a6dff2ca44fed2478ab9299def18f0a683174164f3a6d94e0ec4604cb75e8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          899abcaad7cc879118d5711a7e189096

          SHA1

          4b38c1ff001042a896b8772365487b089828a3d8

          SHA256

          ef2350b531505db8f68f290773b1c51ec93f9506885a6bf29104c3cf95beb0e4

          SHA512

          7c14eb117345915c54b7da540402d7c48e85fef33a0ef6a96da81759222c54896b7edbc11f9dc1352fb11c75cde9575b4e666defc62ae65d0f32b198a72ac7f5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7dec52c64cdf403b884a62eb6cc83b19

          SHA1

          6930caf61317e1f41393563079df3684c8d5943b

          SHA256

          46763cad03afdf811e5da7d9ea51e25df50ddd633a1cd154e1459bf401899c7d

          SHA512

          351fba8b1b816828777289705392d6342bc7e115c15c99a1a4eec36e1cc6f368e44657825af847de70081e18788ae56bd5f5e5b6ba25eb0cf7b6b889680aafa4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

          Filesize

          242B

          MD5

          bbb71d907fbd080498b754ac091e2d9c

          SHA1

          9ec65d0cfadb91170275665326492ea963a33b07

          SHA256

          2ce500fbbeb170ae8fd9d3b3207e1fa552314f629a174452f25ac9e759f7fe8a

          SHA512

          ed1953802f75c368ed77f1781cba51ceafc7682943dfe52c27fc2c8578e34807d376894372d53e2151eab67d1243eb93aee36302e64ad864f5adf3d1bcf412f6

        • C:\Users\Admin\AppData\Local\Temp\Cab39E6.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\Tar39F8.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • memory/1224-0-0x0000000000400000-0x0000000000417000-memory.dmp

          Filesize

          92KB