Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
24s -
max time network
90s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
21/03/2023, 02:16
General
-
Target
http://ebfertility.com
Malware Config
Extracted
laplas
http://45.159.189.105
-
api_key
9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172
Signatures
-
Detect rhadamanthys stealer shellcode 2 IoCs
-
Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Downloads MZ/PE file
-
GoLang User-Agent 1 IoCs
Uses default user-agent string defined by GoLang HTTP packages.
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 22 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://ebfertility.com1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\clipp.exe"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\clipp.exe"2⤵
-
C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exeC:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe3⤵
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\serv.exe"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\serv.exe"2⤵
-
-
C:\Windows\System32\fontview.exe"C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\Arimo-Italic.ttf2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD5545d6555ae115456d26d676111c1a3c2
SHA198d780b12f2edd9bfa2f518bcb1f168bb0ce6106
SHA2565f4917a32312ba8a011502e2147567d678984d820223367a2a4c5d6dda2a758c
SHA512a185d9d3a217e09006f5f13d2cd74a349b6ad222e87d9c749a7b8dcf9679ec3da75158ffc64786581d63d2781caa03c78c99a7fa8eb1f19c1821230172503040
-
Filesize
1.9MB
MD58c59b0c004d6d108c494ed8e96f573bb
SHA162856aa334190053f0e3b41f7f379a77aaf1cdb1
SHA2562297b0cced9fde691e8f430d0198f76227b3e617658a6119753d942f9677f589
SHA5122c966dde8aa92dec51080a02a38c8ed207cd51fc8196bd6a92e3eff316bb6370c90900f3b6c0d5d06e93f34ef925c509cb2c11f3d16a0cd3dc8984f853f85a6d
-
Filesize
3.2MB
MD512c9ffd6da618549ff72192b588354b1
SHA1b5686190f602449fe4db14da7a31e541d29aad49
SHA256cc551bcb062e26f7f34be3e568f915b3bcb2927ba89797e55780e0ed99ff8655
SHA512668ab1e02d1a18d5a94bf350024a7c88f0c7c6e0a64483332663075fbfa605ed1cf99928f982996577e0964d7cec7a1be1ee4b6041a84c10185017a2d0054c42
-
Filesize
3.2MB
MD512c9ffd6da618549ff72192b588354b1
SHA1b5686190f602449fe4db14da7a31e541d29aad49
SHA256cc551bcb062e26f7f34be3e568f915b3bcb2927ba89797e55780e0ed99ff8655
SHA512668ab1e02d1a18d5a94bf350024a7c88f0c7c6e0a64483332663075fbfa605ed1cf99928f982996577e0964d7cec7a1be1ee4b6041a84c10185017a2d0054c42
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
3.2MB
MD512c9ffd6da618549ff72192b588354b1
SHA1b5686190f602449fe4db14da7a31e541d29aad49
SHA256cc551bcb062e26f7f34be3e568f915b3bcb2927ba89797e55780e0ed99ff8655
SHA512668ab1e02d1a18d5a94bf350024a7c88f0c7c6e0a64483332663075fbfa605ed1cf99928f982996577e0964d7cec7a1be1ee4b6041a84c10185017a2d0054c42
-
Filesize
479KB
MD5545d6555ae115456d26d676111c1a3c2
SHA198d780b12f2edd9bfa2f518bcb1f168bb0ce6106
SHA2565f4917a32312ba8a011502e2147567d678984d820223367a2a4c5d6dda2a758c
SHA512a185d9d3a217e09006f5f13d2cd74a349b6ad222e87d9c749a7b8dcf9679ec3da75158ffc64786581d63d2781caa03c78c99a7fa8eb1f19c1821230172503040
-
Filesize
1.9MB
MD58c59b0c004d6d108c494ed8e96f573bb
SHA162856aa334190053f0e3b41f7f379a77aaf1cdb1
SHA2562297b0cced9fde691e8f430d0198f76227b3e617658a6119753d942f9677f589
SHA5122c966dde8aa92dec51080a02a38c8ed207cd51fc8196bd6a92e3eff316bb6370c90900f3b6c0d5d06e93f34ef925c509cb2c11f3d16a0cd3dc8984f853f85a6d
-
Filesize
1.9MB
MD58c59b0c004d6d108c494ed8e96f573bb
SHA162856aa334190053f0e3b41f7f379a77aaf1cdb1
SHA2562297b0cced9fde691e8f430d0198f76227b3e617658a6119753d942f9677f589
SHA5122c966dde8aa92dec51080a02a38c8ed207cd51fc8196bd6a92e3eff316bb6370c90900f3b6c0d5d06e93f34ef925c509cb2c11f3d16a0cd3dc8984f853f85a6d
-
Filesize
161.7MB
MD58bde8ae3351aed56435381843a1120c8
SHA1d92a0e773601c20ea0f0fd442e8c0f06617ece74
SHA25605157391616f50e1556f75205f4ff85f47a399d18bcee1bbf73829f34ba576fa
SHA5125341cc7d9de7d7dc851148281608406c30ae1d6947675e15cc1775f33628ff1da715d52dd283e297676f54b8e2202f3525d6e039706e71a4c20ed47a0adb0288
-
Filesize
151.1MB
MD5f6fd62b30c77a5b65c1f8d38a87344a7
SHA179c907276e90bffadf9e8264282c31b33f93b410
SHA256b06f501e993e00b7cfc5f896368e3dd3d3d77a906a461a6fce46b9f73fd6778d
SHA5122d0dbdda6e5dc8d62ee60609c6a3a32a502d612b326cecc75bcc48c3c3015787ec970c0405a8747d6dcbb4fa7caf16bf01c974cb8ef07383464f5fde9105b2fe
-
Filesize
40.6MB
-
Filesize
40.6MB
-
Filesize
3.8MB
-
Filesize
112KB
-
Filesize
768KB
-
Filesize
112KB
-
Filesize
184KB
-
Filesize
768KB
-
Filesize
104KB
-
Filesize
16.0MB
-
Filesize
40.6MB
-
Filesize
40.6MB
-
Filesize
40.6MB
-
Filesize
40.6MB