Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    288s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19/12/2022, 03:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3fc2b54f096ed132efadac0b097ebf55c867e346f5685588981f40310997452f.exe

  • Size

    8.6MB

  • MD5

    2160b328dfdbbe8080a40f80ae87af73

  • SHA1

    2577334ab8183268e78221adad7b681440b180a6

  • SHA256

    3fc2b54f096ed132efadac0b097ebf55c867e346f5685588981f40310997452f

  • SHA512

    d2238ede6db9268f6365f18a095158c1862faaa28f84f4dc3b6295aab97b5ce9167d449dc52457a2a42eaccf46bbdae7a82b3cad6fa99ad79900fb41d1c3652b

  • SSDEEP

    196608:hT73/ahrYWuQouogKsCuo5aKmU/FkcDrhwJb2No+dFBP6:hT73/azo91la6/Fkcn+0o+dF16

Score
10/10
laplasstealer

Malware Config

Extracted

Family

laplas

C2

clipper.guru

Attributes
  • api_key

    dd611369e3344bc4aad751531e739d725fb32f33363f67a0bf7a4ea33213af63

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with two variants written in Golang and C#.

    stealerlaplas
  • Executes dropped EXE 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fc2b54f096ed132efadac0b097ebf55c867e346f5685588981f40310997452f.exe
    "C:\Users\Admin\AppData\Local\Temp\3fc2b54f096ed132efadac0b097ebf55c867e346f5685588981f40310997452f.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3824
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C schtasks /create /tn CthDkNHxan /tr C:\Users\Admin\AppData\Roaming\CthDkNHxan\SIAEwHQlys.exe /st 00:00 /du 9999:59 /sc once /ri 1 /f
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2100
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /tn CthDkNHxan /tr C:\Users\Admin\AppData\Roaming\CthDkNHxan\SIAEwHQlys.exe /st 00:00 /du 9999:59 /sc once /ri 1 /f
        3⤵
        • Creates scheduled task(s)
        PID:2456
  • C:\Users\Admin\AppData\Roaming\CthDkNHxan\SIAEwHQlys.exe
    C:\Users\Admin\AppData\Roaming\CthDkNHxan\SIAEwHQlys.exe
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    PID:1996

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\CthDkNHxan\SIAEwHQlys.exe
    Filesize

    698.5MB

    MD5

    147872524f9ba64e4c98c3a99869c3ac

    SHA1

    ae6fc84aa8568c0de96d333ebfc0f55e91c335dd

    SHA256

    a4a39770c812bbbf074a93807d14634fb7f05c12593f9aa40223b86eb7f48852

    SHA512

    4aa5566039734933cad2f349d37bbd8c40ed141d061ecfc164a29a0ef6c7050414730ed1f15e989ebf48659656565105ba0544e43ef49eb8ccca581c922a9524

    Download Submit

  • C:\Users\Admin\AppData\Roaming\CthDkNHxan\SIAEwHQlys.exe
    Filesize

    698.5MB

    MD5

    147872524f9ba64e4c98c3a99869c3ac

    SHA1

    ae6fc84aa8568c0de96d333ebfc0f55e91c335dd

    SHA256

    a4a39770c812bbbf074a93807d14634fb7f05c12593f9aa40223b86eb7f48852

    SHA512

    4aa5566039734933cad2f349d37bbd8c40ed141d061ecfc164a29a0ef6c7050414730ed1f15e989ebf48659656565105ba0544e43ef49eb8ccca581c922a9524

    Download Submit

  • memory/1996-178-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1996-177-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1996-184-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1996-183-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1996-181-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1996-182-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1996-180-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1996-179-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1996-218-0x00000000003F0000-0x00000000014B3000-memory.dmp

    Filesize

    16.8MB

    Download

  • memory/1996-207-0x00000000003F0000-0x00000000014B3000-memory.dmp

    Filesize

    16.8MB

    Download

  • memory/1996-176-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1996-175-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1996-174-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1996-173-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2100-151-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2100-150-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2100-149-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2100-148-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2100-147-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-170-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-164-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-169-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-168-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-167-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-166-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-165-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-163-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-162-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-161-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-160-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-153-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-154-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-155-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-156-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-157-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-158-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-159-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-133-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-120-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-138-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-139-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-136-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-140-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-141-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-145-0x0000000000AC0000-0x0000000001B83000-memory.dmp

    Filesize

    16.8MB

    Download

  • memory/3824-144-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-143-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-116-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-171-0x0000000000AC0000-0x0000000001B83000-memory.dmp

    Filesize

    16.8MB

    Download

  • memory/3824-137-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-135-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-142-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-132-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-128-0x0000000000AC0000-0x0000000001B83000-memory.dmp

    Filesize

    16.8MB

    Download

  • memory/3824-127-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-126-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-125-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-123-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-124-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-122-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-134-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-121-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-119-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-118-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-117-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download