979d6884744fa2e4564965efaaceaa448875ee01d90d8392633df96510fb7319

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-11-2024 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher.exe
Size

9.1MB
MD5

d8e44c32ec1df755d88560177779f363
SHA1

445deced30f4be9d5398f3bef7135945e3517f8a
SHA256

979d6884744fa2e4564965efaaceaa448875ee01d90d8392633df96510fb7319
SHA512

b06edddb39c5b70dd424875a902ed50c0a54fef51b5be036bcd639141ff67069c4cccef80c82fce747f84fbc2ee3338b219236a04ec145891e0c8551fc5a047d
SSDEEP

196608:eJhNVPPzMDze1Btp5ahrePa+52Pk6ptJT:eJhN6DzwBv5C

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TLauncher.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
4596	msedge.exe
4596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3092 wrote to memory of 4736	3092	TLauncher.exe	83
PID 3092 wrote to memory of 4736	3092	TLauncher.exe	83
PID 2088 wrote to memory of 1052	2088	msedge.exe	107
PID 2088 wrote to memory of 1052	2088	msedge.exe	107
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3636	2088	msedge.exe	108
PID 2088 wrote to memory of 3364	2088	msedge.exe	109
PID 2088 wrote to memory of 3364	2088	msedge.exe	109
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110
PID 2088 wrote to memory of 4292	2088	msedge.exe	110

C:\Users\Admin\AppData\Local\Temp\TLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3092
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"
  2⤵
  PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultf38ff351h3cc1h4e22h99a9h1fad2263271a
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff46ce46f8,0x7fff46ce4708,0x7fff46ce4718
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10688856178641985398,7226128519997108756,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10688856178641985398,7226128519997108756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10688856178641985398,7226128519997108756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault2927bb68hf937h41bcha97eh8f13f06fe72f
1⤵
PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff46ce46f8,0x7fff46ce4708,0x7fff46ce4718
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1340297586829495602,1366724573678021043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1340297586829495602,1366724573678021043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1340297586829495602,1366724573678021043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
d07a095620b3088f16a1f98d3958bcb1

SHA1
86bb0ee5e9940886319ea2055a6a7626cb782418

SHA256
a4f2e90a3cd107eeb32a2cd5e7a0789a1cfb6b35cc336fe973aa09c650691e15

SHA512
62598507c08a09eae5ad749736c1661e11d4395dabf7b5999d13270a7420fbfa8a12e15cf494309b88b1c6d8afc245652b931a47e9f58d5e441e1fae1ee8e0b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c821e7bdfca7e4b89810ee7f8d90950

SHA1
1fc7896bb645adedbfcf88b0be05868f7fb090d2

SHA256
969ad17536d091b0bfeab89d777a94dcecb3b8d988656b4c129001d55349f10c

SHA512
efc777c76b9f7e9823b2ff6ea72225f7f64d180474145d22c3e1c624d61829fefefecd251c5c69fae97e1a2900d4e50c9ee5067c8d01f44a902246b5cf3f2eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
1fdfa0324e4d57849f644fca84b79666

SHA1
04983ebababa392340af748877a3a7dd906f6313

SHA256
9d9bdeec999ba3acc907bb95d22750b63e0be27c81fa4f62326a24fe5d970cbf

SHA512
9481ec9030129863f29c8ddc2845df47a78520fa830f712c2ff0aef26098fd74101b8e157cecb3cce77d058adea32ca67697ec0f3d7a430bb59cfdf88d055e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e9a89a09b221df0151b2b01287c881bf

SHA1
7d14874012c8ad5705c4601d0018ff0523451344

SHA256
9cfd641c79196bd772738be69ced92ef7e6333d9ab027ee47aad586b957a1e65

SHA512
5d8801de05eb2f9ef14a770f1269e4cd88817110c7124bfe2a924d39cf9654d615a2f9b5137f8087fd26ce39568cc0957595c4cb51c566f975bdc41a4b364f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a8605945180794bc8883e841cc0dd75f

SHA1
148e8cc0e10fcfe15040537db9e3ef4119757790

SHA256
29d9c8ab10a30f66feb314a9ffc4f2f23475ed2364acd30e772c8810dc211c1e

SHA512
4bbab7c1f6cfad25987a05a4425583e884898b2f8b0c4a22b3412a3abc3ca7d1e1d8b676d219f994db8d5458c36849786b65fe3b9a72a75f310b09425c1ce0c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/3092-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4736-13-0x0000027F00000000-0x0000027F00270000-memory.dmp

Filesize
2.4MB

Download
memory/4736-12-0x0000027F76FE0000-0x0000027F76FE1000-memory.dmp

Filesize
4KB

Download
memory/4736-3-0x0000027F00000000-0x0000027F00270000-memory.dmp

Filesize
2.4MB

Download