Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/01/2025, 01:10

General

  • Target

    Explosive Launcher v15.7/Explosive Launcher.exe

  • Size

    22.3MB

  • MD5

    368a676abc032208d0b935753e3cdf48

  • SHA1

    991f4a40286eef6179bfaa91e8c258d0097bfbcb

  • SHA256

    fc3b80514864bc18ab5f1a2c243889c5775e2df31edc7db42a5ab2a3f96e9d96

  • SHA512

    4f17f2cc013f6c8cd85a284b589577e6060b9d89be42727eee37a62e969e5fb3f24f7ef13a4707dec7b5e3947ffb4d6b321c15c00b8cc7cd3a796159a44338b0

  • SSDEEP

    393216:hYM4xYPYE4/5jpC1FhK+sQ4oy6OntgiOGIUrc7Cwrc2G/Ui6pBt/a9:oE4F4s3SOOiOdUrcprzG/Ul+

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Explosive Launcher v15.7\Explosive Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Explosive Launcher v15.7\Explosive Launcher.exe"
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    PID:2940

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • memory/2940-0-0x00000000744BE000-0x00000000744BF000-memory.dmp (Filesize: 4KB)
        • memory/2940-1-0x0000000000BC0000-0x0000000002218000-memory.dmp (Filesize: 22.3MB)
        • memory/2940-2-0x00000000744B0000-0x0000000074B9E000-memory.dmp (Filesize: 6.9MB)
        • memory/2940-26-0x00000000007C0000-0x00000000007FC000-memory.dmp (Filesize: 240KB)
        • memory/2940-27-0x0000000006B00000-0x0000000006B6A000-memory.dmp (Filesize: 424KB)
        • memory/2940-28-0x00000000005D0000-0x00000000005EE000-memory.dmp (Filesize: 120KB)
        • memory/2940-29-0x00000000072D0000-0x000000000741A000-memory.dmp (Filesize: 1.3MB)
        • memory/2940-30-0x0000000000B10000-0x0000000000B40000-memory.dmp (Filesize: 192KB)
        • memory/2940-31-0x0000000007E80000-0x0000000007F96000-memory.dmp (Filesize: 1.1MB)
        • memory/2940-34-0x00000000744B0000-0x0000000074B9E000-memory.dmp (Filesize: 6.9MB)
        • memory/2940-35-0x00000000744BE000-0x00000000744BF000-memory.dmp (Filesize: 4KB)
        • memory/2940-36-0x00000000744B0000-0x0000000074B9E000-memory.dmp (Filesize: 6.9MB)