Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

trojan-lea...za.exe

windows10-1703-x64

7

trojan-lea...za.exe

windows7-x64

7

trojan-lea...za.exe

windows10-2004-x64

7

trojan-lea...is.exe

windows10-1703-x64

3

trojan-lea...is.exe

windows7-x64

3

trojan-lea...is.exe

windows10-2004-x64

3

trojan-lea...es.exe

windows10-1703-x64

1

trojan-lea...es.exe

windows7-x64

1

trojan-lea...es.exe

windows10-2004-x64

1

trojan-lea...readme

windows10-1703-x64

1

trojan-lea...readme

windows7-x64

1

trojan-lea...readme

windows10-2004-x64

1

trojan-lea...oc.exe

windows10-1703-x64

6

trojan-lea...oc.exe

windows7-x64

6

trojan-lea...oc.exe

windows10-2004-x64

6

trojan-lea...in.zip

windows10-1703-x64

1

trojan-lea...in.zip

windows7-x64

1

trojan-lea...in.zip

windows10-2004-x64

trojan-lea...23).7z

windows10-1703-x64

3

trojan-lea...23).7z

windows7-x64

3

trojan-lea...23).7z

windows10-2004-x64

trojan-lea...DI.exe

windows10-1703-x64

1

trojan-lea...DI.exe

windows7-x64

1

trojan-lea...DI.exe

windows10-2004-x64

1

trojan-lea...n).exe

windows10-1703-x64

7

trojan-lea...n).exe

windows7-x64

7

trojan-lea...n).exe

windows10-2004-x64

7

trojan-lea...n).exe

windows10-1703-x64

7

trojan-lea...n).exe

windows7-x64

7

trojan-lea...n).exe

windows10-2004-x64

Resubmissions

09/05/2023, 19:22

230509-x3fn4adg58 10

09/05/2023, 19:14

230509-xxsrgaff7x 10

09/05/2023, 19:14

230509-xxr5yadg42 7

09/05/2023, 19:14

230509-xxrt6sff7w 8

09/05/2023, 19:14

230509-xxrjeaff7v 8

09/05/2023, 19:14

230509-xxqxwadg39 7

09/05/2023, 19:14

230509-xxql4sff7t 10

09/05/2023, 19:14

230509-xxqbcadg38 7

09/05/2023, 19:10

230509-xvl6xadf64 10

Analysis

  • max time kernel
    157s
  • max time network
    178s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09/05/2023, 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    trojan-leaks-main/ő (en).exe

  • Size

    13.2MB

  • MD5

    6d68a0c760fc1547a9d9cd3ac25769dc

  • SHA1

    aebfda195faa08af0752c4310538ae044416030b

  • SHA256

    4ec225b822f1fbb27944ff3cb2856ba214de405d2a7589abfa3bd080c1534ac4

  • SHA512

    ae45a2334f83562902d5549eddcb3475fd02685ee60401f736ed7e4b0d5a83a1f7566224059d5b28dc4b7e6dae0a9cab23f5629a5839b53c1be6e13e2b474f1a

  • SSDEEP

    393216:WRP9XCHT+X/A8chntmnTTxhuDoDpY2nbh9gwSI:8l6e4nnt6LuE1/dhSI

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\ő (en).exe
    "C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\ő (en).exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:820
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\HeadFile.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\HeadFile.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4220
      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\MBR.exe
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\MBR.exe"
        3⤵
        • Executes dropped EXE
        • Writes to the Master Boot Record (MBR)
        PID:4876

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\HeadFile.exe
    Filesize

    360KB

    MD5

    aab8e05f4df037cffc1b9e3412fe277b

    SHA1

    4add73001060c13b3188fd9becc8b4607e451749

    SHA256

    1bea1f9ac11ccdf79cfd98003b6a9be5ce232d8fce18986d891ab67ca796e183

    SHA512

    abc8f71c1732945b9145993900a2b33d26c0d712eb17182bb76678db34d6ee3c344341d65114454dcc727b51a8af618785d50ecce7e4a0c31a1bdd3ac5b4bf06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\HeadFile.exe
    Filesize

    360KB

    MD5

    aab8e05f4df037cffc1b9e3412fe277b

    SHA1

    4add73001060c13b3188fd9becc8b4607e451749

    SHA256

    1bea1f9ac11ccdf79cfd98003b6a9be5ce232d8fce18986d891ab67ca796e183

    SHA512

    abc8f71c1732945b9145993900a2b33d26c0d712eb17182bb76678db34d6ee3c344341d65114454dcc727b51a8af618785d50ecce7e4a0c31a1bdd3ac5b4bf06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\MBR.exe
    Filesize

    48KB

    MD5

    f13248b7d74e5c344170aa70e16470a3

    SHA1

    c08fe5cb43b0b8477f27bce022c3aad63278b42a

    SHA256

    c1c12b39151120565f3f4212064cae26c4cc65970bdeefed370cb2fc1c3a4bb4

    SHA512

    c518f10a40d3393582933c4bcd80e78354116b82f2a819717214261841aea057fe797ed0f9c2d180b21cf876cff4b4603158ffc3120ee440a6274c925f07c817

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\MBR.exe
    Filesize

    48KB

    MD5

    f13248b7d74e5c344170aa70e16470a3

    SHA1

    c08fe5cb43b0b8477f27bce022c3aad63278b42a

    SHA256

    c1c12b39151120565f3f4212064cae26c4cc65970bdeefed370cb2fc1c3a4bb4

    SHA512

    c518f10a40d3393582933c4bcd80e78354116b82f2a819717214261841aea057fe797ed0f9c2d180b21cf876cff4b4603158ffc3120ee440a6274c925f07c817

    Download Submit

  • memory/4220-150-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/4220-151-0x0000000002190000-0x0000000002191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4876-154-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download