Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    300s
  • max time network
    301s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    07/05/2023, 22:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04b33b3d875d0e43b08ea4b0d39c54dae21844af70a8066f567bf9c5de4c5be4.exe

  • Size

    3.6MB

  • MD5

    bbcc6333ddfaa59c7b2fc33b5e9f98d4

  • SHA1

    2f089f05e18fba5f98c047f6308067b964f77efe

  • SHA256

    04b33b3d875d0e43b08ea4b0d39c54dae21844af70a8066f567bf9c5de4c5be4

  • SHA512

    d288a29deab62dc4e53aa1c126e6dbe12c7e3ba6979d2c9658a30cd1299da6775944ea2b80543bbcd5bcea6f243b9726b3290ccd72fff58c4cad8280ddd0cdb8

  • SSDEEP

    49152:nSAL0pQ6lDL5xhY2+B6UWkMi5PjdbVAL+rUWrLWNs1b785tV/7uVnjM97KNqpIiU:8pQ6lRxC6Yd+GrD785tIE/N3EAB0F

Score
10/10
laplasclipperevasionpersistencestealertrojan

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    f52a5c9bc5eb2f51b22f04f3e85c301ac0170a650de6044773f0a8309fbdfb79

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04b33b3d875d0e43b08ea4b0d39c54dae21844af70a8066f567bf9c5de4c5be4.exe
    "C:\Users\Admin\AppData\Local\Temp\04b33b3d875d0e43b08ea4b0d39c54dae21844af70a8066f567bf9c5de4c5be4.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:4208

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    732.6MB

    MD5

    28acaae777e4d96dcda135840662bbf9

    SHA1

    c2942fdb68063af83a0d72a8f5dbc7dc7d578431

    SHA256

    3ecae8d5fd24cf819ac324fc19af1c621b2f288ce0c2139cec7e3038c9185c93

    SHA512

    14b495ca208a369ef5a5e661bc2862b91e1846d6b9e19d7bd719518935c49a221dd009e1edc727daaf03454aa21a3b6dbaa05c692e8ba58b6777fc2ccc1112ce

    Download Submit

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    732.6MB

    MD5

    28acaae777e4d96dcda135840662bbf9

    SHA1

    c2942fdb68063af83a0d72a8f5dbc7dc7d578431

    SHA256

    3ecae8d5fd24cf819ac324fc19af1c621b2f288ce0c2139cec7e3038c9185c93

    SHA512

    14b495ca208a369ef5a5e661bc2862b91e1846d6b9e19d7bd719518935c49a221dd009e1edc727daaf03454aa21a3b6dbaa05c692e8ba58b6777fc2ccc1112ce

    Download Submit

  • memory/2760-118-0x0000000000B00000-0x00000000013CD000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/2760-119-0x0000000000B00000-0x00000000013CD000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/2760-120-0x0000000000B00000-0x00000000013CD000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/2760-121-0x0000000000B00000-0x00000000013CD000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/2760-122-0x0000000000B00000-0x00000000013CD000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/2760-123-0x0000000000B00000-0x00000000013CD000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/2760-124-0x0000000000B00000-0x00000000013CD000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/2760-125-0x0000000000B00000-0x00000000013CD000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/2760-127-0x0000000000B00000-0x00000000013CD000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/2760-131-0x0000000000B00000-0x00000000013CD000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-145-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-153-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-134-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-136-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-137-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-138-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-139-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-140-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-141-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-142-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-143-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-144-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-132-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-146-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-147-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-149-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-150-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-151-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-152-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-133-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-154-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-155-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-156-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-157-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-158-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-159-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-160-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-161-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-162-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-163-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-164-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-165-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-166-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-167-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-168-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-169-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/4208-170-0x0000000001150000-0x0000000001A1D000-memory.dmp

    Filesize

    8.8MB

    Download