MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b4cf9f048c369e0c4c26cb10eea84b05c255c85267488b55bf8c01c8b324b62. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 2 File information Comments

SHA256 hash:	7b4cf9f048c369e0c4c26cb10eea84b05c255c85267488b55bf8c01c8b324b62
SHA3-384 hash:	462c9762e538973be03852946d5f6b98bfd3f6a670b7dd3879831c4918527fb3e2fc559696c21b8d3575272cc613ff6f
SHA1 hash:	b9c536070a554767dd8de2f08d1b89ebfb5d4f08
MD5 hash:	8a0bba435badcabcbb3a373020f1a121
humanhash:	eighteen-asparagus-south-violet
File name:	Launch1.exe
Download:	download sample
File size:	2'651'035 bytes
First seen:	2023-01-05 19:14:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e10a2610b29dee0db737e4495f169c0a
ssdeep	49152:qgZCDw7Rx3AtlG4PLlDFTeRPR3tuNMy+lBtI26kAfPWbzx:qv+z3AtlG4PLlDFTeXyMZntI2YWfx
Threatray	243 similar samples on MalwareBazaar
TLSH	T1C0C5D113F76240B7C125223018B61B3AEBB4FA565F25CBCBD750ED7D9C72241AB6222D
TrID	38.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 20.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 13.0% (.EXE) Win64 Executable (generic) (10523/12/4) 8.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	70c8aa6464eaa260
Reporter	atomiczsec
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

182

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Launch1.exe

Verdict:

No threats detected

Analysis date:

2023-01-05 19:18:37 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/19acf8ff-6626-41ed-bf1e-8ceae204e0a1

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/349776/

Detection(s):

Win.Malware.Trojanx-9951053-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Sending a custom TCP request

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

evasive greyware keylogger overlay packed rundll32.exe shell32.dll

Link:

https://www.filescan.io/uploads/63b721b7a70bef46551d375d/reports/4c82d202-a727-47a8-b608-2e26ee1bbff6/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/77eb978f-3ce6-4480-a7d5-ec7a3f281510

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1145868

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Uses Windows timers to delay execution

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7b4cf9f048c369e0c4c26cb10eea84b05c255c85267488b55bf8c01c8b324b62/

Threat name:

Win32.Trojan.Emotet

Status:

Malicious

First seen:

2023-01-05 19:15:14 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 41 (58.54%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pngpt4ciynu6brgcnsyq52uewbockxefez2irnk37dabzczsjnra._file

Verdict:

malicious

56133c0d017af35f49253926e3583cf72c36146ab7faa65b6058971685166652

5bd7d5a5ab6925d21b98481b204cfaf5be9e4d09479ca517d6fa25fec49adc9f

6ce171619dd97a51a8d5e6a4eaeea86f4fea6ed400c9e0a879b690b4fbd0a6b4

75b388003cc32b680abc3d9b41bc6c435af723de235eaab36a323fddcb906f62

799b7395c9f279d8cd1cd24657788ecb37db7ae03c0dddeb3344a95a551d1325

7c251123eb36d87a056ea6f68a795ba35595090e4f46b3e38e04a52bb9851cd2

8202ba56a591ceb1f3cf497f31d9da7d5d897a59656640b16a0e442ae1190e22

faaf2d27ca3c7a332b9c9474b869931e614e77697d30703c4f2c02b14237b019

+ 233 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/230105-xx766ach98/

Behaviour

Suspicious use of SetWindowsHookEx

Verdict:

Informative

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/18f88605-c2a6-4de6-9af7-11239297e0ad

Unpacked files

SH256 hash:

7b4cf9f048c369e0c4c26cb10eea84b05c255c85267488b55bf8c01c8b324b62

MD5 hash:

8a0bba435badcabcbb3a373020f1a121

SHA1 hash:

b9c536070a554767dd8de2f08d1b89ebfb5d4f08

Link:

https://www.unpac.me/results/749806f9-e716-4308-bc81-7af5c8e46cde/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.08

Link:

https://yomi.yoroi.company/submissions/7b4cf9f048c369e0c4c26cb10eea84b05c255c85267488b55bf8c01c8b324b62

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	without_attachments Create hunting rule
Author:	Antonio Sanchez <asanchez@hispasec.com>
Description:	Rule to detect the no presence of any attachment
Reference:	http://laboratorio.blogs.hispasec.com/

Rule name:	with_urls Create hunting rule
Author:	Antonio Sanchez <asanchez@hispasec.com>
Description:	Rule to detect the presence of an or several urls
Reference:	http://laboratorio.blogs.hispasec.com/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/349776/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample