Resubmissions
submitted          analysis ID         score
09-05-2023 19:22   230509-x3fn4adg58   10
09-05-2023 19:14   230509-xxsrgaff7x   10
09-05-2023 19:14   230509-xxr5yadg42   7
09-05-2023 19:14   230509-xxrt6sff7w   8
09-05-2023 19:14   230509-xxrjeaff7v   8
09-05-2023 19:14   230509-xxqxwadg39   7
09-05-2023 19:14   230509-xxql4sff7t   10
09-05-2023 19:14   230509-xxqbcadg38   7
09-05-2023 19:10   230509-xvl6xadf64   10

Analysis
max time kernel: 30s
max time network: 36s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 09-05-2023 19:14
Behavioral tasks
task          sample                                       resource
behavioral1   trojan-leaks-main/skidded/Quakeganza.exe     win10-20230220-en
behavioral2   trojan-leaks-main/skidded/Quakeganza.exe     win7-20230220-en
behavioral3   trojan-leaks-main/skidded/Quakeganza.exe     win10v2004-20230220-en
behavioral4   trojan-leaks-main/skidded/Unis.exe           win10-20230220-en
behavioral5   trojan-leaks-main/skidded/Unis.exe           win7-20230220-en
behavioral6   trojan-leaks-main/skidded/Unis.exe           win10v2004-20230220-en
behavioral7   trojan-leaks-main/skidded/Xazdes.exe         win10-20230220-en
behavioral8   trojan-leaks-main/skidded/Xazdes.exe         win7-20230220-en
behavioral9   trojan-leaks-main/skidded/Xazdes.exe         win10v2004-20230220-en
behavioral10  trojan-leaks-main/skidded/readme             win10-20230220-en
behavioral11  trojan-leaks-main/skidded/readme             win7-20230220-en
behavioral12  trojan-leaks-main/skidded/readme             win10v2004-20230220-en
behavioral13  trojan-leaks-main/skidded/shacoc.exe         win10-20230220-en
behavioral14  trojan-leaks-main/skidded/shacoc.exe         win7-20230220-en
behavioral15  trojan-leaks-main/skidded/shacoc.exe         win10v2004-20230220-en
behavioral16  trojan-leaks-main/skidded/tin.zip            win10-20230220-en
behavioral17  trojan-leaks-main/skidded/tin.zip            win7-20230220-en
behavioral18  trojan-leaks-main/skidded/tin.zip            win10v2004-20230220-en
behavioral19  trojan-leaks-main/sphenoidale (pass 123).7z  win10-20230220-en
behavioral20  trojan-leaks-main/sphenoidale (pass 123).7z  win7-20230220-en
behavioral21  trojan-leaks-main/sphenoidale (pass 123).7z  win10v2004-20230221-en
behavioral22  trojan-leaks-main/sphenoidale GDI.exe        win10-20230220-en
behavioral23  trojan-leaks-main/sphenoidale GDI.exe        win7-20230220-en
behavioral24  trojan-leaks-main/sphenoidale GDI.exe        win10v2004-20230220-en
behavioral25  trojan-leaks-main/ő (en).exe                 win10-20230220-en
behavioral26  trojan-leaks-main/ő (en).exe                 win7-20230220-en
behavioral27  trojan-leaks-main/ő (en).exe                 win10v2004-20230220-en
behavioral28  trojan-leaks-main/ő (en).exe                 win10-20230220-en
behavioral29  trojan-leaks-main/ő (en).exe                 win7-20230220-en
behavioral30  trojan-leaks-main/ő (en).exe                 win10v2004-20230220-en
General
Target: trojan-leaks-main/skidded/Unis.exe
Size: 892KB
MD5: e72088233e9d7d1d9826a35604c49fd7
SHA1: fa8a5990e2e1b7fb8e23af3ae54be58fce2125c2
SHA256: d2e3b68594ba8a21eb03056554dcc6ed43030e6e2969caef6f205fe86390339c
SHA512: 3fdf6da405782b8ab3105ae088b85f0616df27fb58042bc9e4adc458017e345e8bb4199ccc1b4682f8471bc463c888ff658513bb25ed0f1cc6027c0606cf69b5
SSDEEP: 12288:GoSWNTlKOtLP3gagtWFvD34Isq0hZsEZy35LDSbtn6tfJtvDyG4G99:GoS2TlhtKidsd+EZV6NJdUA9
Malware Config
Signatures
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (4 IoCs)
description                      pid   process    target process
PID 932 wrote to memory of 472   932   Unis.exe   cmd.exe
PID 932 wrote to memory of 472   932   Unis.exe   cmd.exe
PID 932 wrote to memory of 472   932   Unis.exe   cmd.exe
PID 932 wrote to memory of 472   932   Unis.exe   cmd.exe
All four writes go from Unis.exe (PID 932) into cmd.exe (PID 472), the child process Unis.exe spawns itself (see Processes). Writes into a freshly created child are consistent with ordinary process creation rather than injection into an unrelated process, so this signature is weak evidence on its own; it would matter if the target were a process Unis.exe did not start.
Processes
C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\skidded\Unis.exe  (PID 932)
  command line: "C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\skidded\Unis.exe"
  signatures: Suspicious use of WriteProcessMemory
  └─ C:\Windows\system32\cmd.exe  (PID 472)
       command line: "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3AA1.tmp\3AA2.tmp\3AA3.bat C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\skidded\Unis.exe"

The only child Unis.exe starts is cmd.exe, which runs a batch file from a nested .tmp directory under the user's Temp folder and receives the path of Unis.exe itself as the batch argument. The parent launches cmd through the C:\Windows\sysnative alias, which only resolves for 32-bit (WoW64) processes on 64-bit Windows: Unis.exe is therefore a 32-bit executable deliberately bypassing file-system redirection to run the 64-bit cmd.exe (resolved image path C:\Windows\system32\cmd.exe). The batch file's contents are not shown in this report.
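The process tree and the WriteProcessMemory IoC rows above are exactly the kind of sandbox output a triage script can post-process. The following Python is an added example, not part of this report or of the sandbox's own tooling: it parses the flattened IoC row text, checks whether every memory write targets a direct child of the writer (the low-signal case) rather than an unrelated process (the injection case), and flags the two details worth noting in the cmd.exe launch: the sysnative alias and a .bat executed from a nested .tmp directory under Temp. The process records and IoC text are copied from this page; the regular expressions, function names and the parent/child mapping are the example's own assumptions.

```python
"""Triage helpers over the process tree and WriteProcessMemory IoCs shown in this report."""
import re

# Input copied from the report on this page. The IoC row text is reproduced in the
# flattened form the page shows (four identical rows run together).
WPM_IOCS = ("PID 932 wrote to memory of 472 932 Unis.exe cmd.exe " * 4).strip()

# Process records as shown in the report; the parent/child pairing is taken from
# the tree nesting (assumption of this example, not a field the report prints).
PROCESSES = {
    932: {"parent": None,
          "image": r"C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\skidded\Unis.exe",
          "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\skidded\Unis.exe"'},
    472: {"parent": 932,
          "image": r"C:\Windows\system32\cmd.exe",
          "cmdline": r'"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3AA1.tmp\3AA2.tmp\3AA3.bat C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\skidded\Unis.exe"'},
}

# Row layout: description | pid | process | target process.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")


def parse_wpm(text):
    """Return (writer_pid, target_pid, writer_image, target_image) per IoC row."""
    return [(int(w), int(t), wi, ti) for w, t, _, wi, ti in WPM_RE.findall(text)]


def writes_to_own_children_only(iocs, procs):
    """True when every WriteProcessMemory target is a direct child of the writer.

    Writes into a child the writer just created happen during normal process
    creation; a write into any other process is the injection case to escalate.
    """
    return all(procs.get(t, {}).get("parent") == w for w, t, *_ in iocs)


# The sysnative alias only resolves for 32-bit (WoW64) callers on 64-bit Windows.
SYSNATIVE_RE = re.compile(r'^"?[a-z]:\\windows\\sysnative\\', re.IGNORECASE)
# A .bat inside one or more *.tmp directories under the user's local Temp folder.
TEMP_BAT_RE = re.compile(
    r'([a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\(?:[^\\]+\.tmp\\)+[^\\ "]+\.bat)',
    re.IGNORECASE,
)


def uses_sysnative(cmdline):
    """True if the command line starts with the WoW64 sysnative alias."""
    return bool(SYSNATIVE_RE.match(cmdline))


def temp_batch_path(cmdline):
    """Path of a .bat run from a nested *.tmp directory under Temp, or None."""
    m = TEMP_BAT_RE.search(cmdline)
    return m.group(1) if m else None


def triage(procs, iocs):
    """Collect (pid, finding) pairs; pid is None for tree-wide findings."""
    findings = []
    for pid, p in procs.items():
        if uses_sysnative(p["cmdline"]):
            findings.append((pid, "64-bit cmd.exe launched via sysnative by a 32-bit parent"))
        bat = temp_batch_path(p["cmdline"])
        if bat:
            findings.append((pid, f"batch file executed from Temp: {bat}"))
    if writes_to_own_children_only(iocs, procs):
        findings.append((None, "WriteProcessMemory targets are the writer's own children only"))
    else:
        findings.append((None, "WriteProcessMemory into a non-child process: possible injection"))
    return findings


if __name__ == "__main__":
    for pid, finding in triage(PROCESSES, parse_wpm(WPM_IOCS)):
        print(pid, finding)
```

The parent/child check is what separates this report's four IoCs from a real injection hit; feeding it a synthetic row such as `PID 932 wrote to memory of 1234 932 Unis.exe explorer.exe` (no such process in the tree) makes `writes_to_own_children_only` return False and the triage output switch to the injection finding.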
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 714B
MD5: c645904efc201e9cc2660d251a08f3cb
SHA1: 6d35f7f5f7012710b228a280e2a49eff98e4adcd
SHA256: 4e254ec30432a08d7a2a11ed188bd017fd555bd998c7233c1f444541fac5001b
SHA512: 053f781df0403561cf5889aa7d0688f5ab13a2005524aa4ac2be911c0a7597544763c726d9e40e894773bcc73e37f11113576fa2567d05e83ff64790e423ef73