Overview

overview

1

Static

static

1

WinTroyBuilder.exe

windows7-x64

1

WinTroyBuilder.exe

windows10-2004-x64

1

WinTroyBuilder.exe

android-9-x86

WinTroyBuilder.exe

android-10-x64

WinTroyBuilder.exe

android-11-x64

WinTroyBuilder.exe

macos-10.15-amd64

1

WinTroyBuilder.exe

ubuntu-18.04-amd64

WinTroyBuilder.exe

debian-9-armhf

WinTroyBuilder.exe

debian-9-mips

WinTroyBuilder.exe

debian-9-mipsel

Resubmissions

08-02-2023 04:17

230208-ewg98shb88 1

08-02-2023 04:10

230208-ervprsge81 7

02-02-2023 17:55

230202-whhsaagf32 10

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-02-2023 04:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinTroyBuilder.exe

  • Size

    2.8MB

  • MD5

    3d46955ab2275455a983c1c327835366

  • SHA1

    c18655daaaa564c2f4f2932f561f885cb1aff36b

  • SHA256

    9bf03a8f81f0c51e9f1a9cd6016ecccf7443c1559e4e4b44547b8a13521b152a

  • SHA512

    8d28dbc134d78b3ae21bf125a1eab81e6c9ab7d57c5148b3e0ac10dd40b76fe24b6846131f0224fb13d84cb0fe16f8d88cc5c97c5bbea5ec9e00960205c04332

  • SSDEEP

    49152:fOPSa4ZImzdAxZmKLEb+T+VY07d7AidLAbbtwSjugkKNJxeWsoDjLX:fraitzdAfBEa0AiLAbbO0ugk8V

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinTroyBuilder.exe
    "C:\Users\Admin\AppData\Local\Temp\WinTroyBuilder.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4880
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "C:\Users\Admin\Desktop\ProtectUninstall.dot"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3060

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3060-138-0x00007FFD4F230000-0x00007FFD4F240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3060-140-0x00007FFD4D0A0000-0x00007FFD4D0B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3060-146-0x00007FFD4F230000-0x00007FFD4F240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3060-135-0x00007FFD4F230000-0x00007FFD4F240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3060-136-0x00007FFD4F230000-0x00007FFD4F240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3060-137-0x00007FFD4F230000-0x00007FFD4F240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3060-145-0x00007FFD4F230000-0x00007FFD4F240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3060-144-0x00007FFD4F230000-0x00007FFD4F240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3060-143-0x00007FFD4F230000-0x00007FFD4F240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3060-141-0x00007FFD4D0A0000-0x00007FFD4D0B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3060-139-0x00007FFD4F230000-0x00007FFD4F240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4880-132-0x0000014F8C610000-0x0000014F8C8E4000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/4880-133-0x00007FFD70340000-0x00007FFD70E01000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4880-134-0x00007FFD70340000-0x00007FFD70E01000-memory.dmp

    Filesize

    10.8MB

    Download