Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

3469724e57...ac.exe

windows7-x64

10

3469724e57...ac.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2023, 23:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3469724e57612ca20c888a5a86719c3e4b6fe71f2cfcfecff2fb3950fd0a32ac.exe

  • Size

    3.5MB

  • MD5

    f5548281bcdcec5c1d151d3417412042

  • SHA1

    be6d9b40b6ede0f3c5582b8f48bde7f44f2ed792

  • SHA256

    3469724e57612ca20c888a5a86719c3e4b6fe71f2cfcfecff2fb3950fd0a32ac

  • SHA512

    387d864aca4be8691c20b0ec4b11906491cdb7b0fc435f59699c0596a47ad086d711ed97c47a611b58adf1096203ab7a488e26c307d885e566f56db6dcecab4c

  • SSDEEP

    98304:k4SaRf9WEiCfCO55VCKCwKmLE323hOViL6IEifjGV9J:k431WwDCbfj23hOViLZEif0

Score
10/10
laplasclipperevasionpersistencestealertrojan

Malware Config

Extracted

Family

laplas

C2

http://89.23.97.128

Attributes
  • api_key

    bc2dceabe69fa26dbf4dd8295d65e03e1990633a88c1c8410825c9266b239396

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3469724e57612ca20c888a5a86719c3e4b6fe71f2cfcfecff2fb3950fd0a32ac.exe
    "C:\Users\Admin\AppData\Local\Temp\3469724e57612ca20c888a5a86719c3e4b6fe71f2cfcfecff2fb3950fd0a32ac.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:224

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    361.6MB

    MD5

    b3ac770b466020af4503660147fcfe82

    SHA1

    825d523aaab02bed2b7a44726eba7257cc32c78f

    SHA256

    993ec0d7e103df6ebcad5f35347fb18edcb72e55eab4296b7201e8a5250e4973

    SHA512

    e462c6cc7dfefa06ab77da5cb0ec51b4e25cff8ea72a983b8e0d97bf87b1a94a8c50ab4b784f4820f01b7ccefd8aeb4dd1897e8260c4c672f815b13890e27930

    Download Submit

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    394.9MB

    MD5

    024d4f7ba63b0f96a2a13469a6e2356e

    SHA1

    6fd13257837dcd6cbf2550f9d747e9b4d2a6709c

    SHA256

    bd336740c32933a4e4833db04e6643f4c036e008bc5ddb8b3e54f7e0e746647c

    SHA512

    7e803d91edf96a4ff552496087b19154e0b99c6254d8eab3f1dc4643ecdc4693c309d1a45fafd3a80ac1150ec05f5379dc6ea83699ad3e0d19953b9bc3bf52d5

    Download Submit

  • memory/224-162-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-163-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-171-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-170-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-169-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-168-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-167-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-166-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-164-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-153-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-155-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-159-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-149-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-150-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-151-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-152-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-161-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-154-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-160-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-156-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-157-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/224-158-0x0000000000060000-0x00000000008C8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/2788-135-0x0000000000140000-0x00000000009A8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/2788-134-0x0000000000140000-0x00000000009A8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/2788-136-0x0000000000140000-0x00000000009A8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/2788-133-0x0000000000140000-0x00000000009A8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/2788-148-0x0000000000140000-0x00000000009A8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/2788-144-0x0000000000140000-0x00000000009A8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/2788-142-0x0000000000140000-0x00000000009A8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/2788-141-0x0000000000140000-0x00000000009A8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/2788-140-0x0000000000140000-0x00000000009A8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/2788-139-0x0000000000140000-0x00000000009A8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/2788-138-0x0000000000140000-0x00000000009A8000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/2788-137-0x0000000000140000-0x00000000009A8000-memory.dmp

    Filesize

    8.4MB

    Download