Overview

overview

10

Static

static

7

trojan-lea...gif.7z

windows10-1703-x64

3

trojan-lea...gif.7z

windows7-x64

3

trojan-lea...gif.7z

windows10-2004-x64

3

trojan-lea...nly.7z

windows10-1703-x64

3

trojan-lea...nly.7z

windows7-x64

3

trojan-lea...nly.7z

windows10-2004-x64

trojan-lea...ce.rar

windows10-1703-x64

3

trojan-lea...ce.rar

windows7-x64

3

trojan-lea...ce.rar

windows10-2004-x64

3

trojan-lea...ck.zip

windows10-1703-x64

1

trojan-lea...ck.zip

windows7-x64

1

trojan-lea...ck.zip

windows10-2004-x64

1

trojan-lea...or.exe

windows10-1703-x64

trojan-lea...or.exe

windows7-x64

10

trojan-lea...or.exe

windows10-2004-x64

trojan-lea...um.exe

windows10-1703-x64

6

trojan-lea...um.exe

windows7-x64

6

trojan-lea...um.exe

windows10-2004-x64

6

trojan-lea...3).rar

windows10-1703-x64

3

trojan-lea...3).rar

windows7-x64

3

trojan-lea...3).rar

windows10-2004-x64

trojan-lea...eg.exe

windows10-1703-x64

3

trojan-lea...eg.exe

windows7-x64

3

trojan-lea...eg.exe

windows10-2004-x64

3

trojan-lea...um.zip

windows10-1703-x64

1

trojan-lea...um.zip

windows7-x64

1

trojan-lea...um.zip

windows10-2004-x64

1

trojan-lea...er.exe

windows10-1703-x64

3

trojan-lea...er.exe

windows7-x64

3

trojan-lea...er.exe

windows10-2004-x64

3

Resubmissions

09-05-2023 19:22

230509-x3fn4adg58 10

09-05-2023 19:14

230509-xxsrgaff7x 10

09-05-2023 19:14

230509-xxr5yadg42 7

09-05-2023 19:14

230509-xxrt6sff7w 8

09-05-2023 19:14

230509-xxrjeaff7v 8

09-05-2023 19:14

230509-xxqxwadg39 7

09-05-2023 19:14

230509-xxql4sff7t 10

09-05-2023 19:14

230509-xxqbcadg38 7

09-05-2023 19:10

230509-xvl6xadf64 10

Analysis

  • max time kernel
    157s
  • max time network
    408s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2023 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    trojan-leaks-main/hi2.0 source.rar

  • Size

    140KB

  • MD5

    0a805347184e8c5cff43fa497a22d968

  • SHA1

    e53d6a56f58527d0b4e0a7d280217180c4bcc26f

  • SHA256

    babeb3b0413027b516a0a07bcb17fc97ae7095183dc6d2f6c5e54fb6137de947

  • SHA512

    4dd8fb00ea6fd79bf44e07a37aaa6a307ca6ff2516f6ffb3396c6a9c5fc81d4af70de4e55c7c31b5afa9207f2c5628b12a8a08ec6b4690ebe0b3488971b97440

  • SSDEEP

    3072:RuG/txBjmtNH5WPrA0mZ9JhLfqMGWKIzHuxBvkHAG7D/I/SQm:RNjBj6aPUfpVqMzgpkgGXIi

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\hi2.0 source.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\hi2.0 source.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:900
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\hi2.0 source.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2000

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2000-78-0x000000013F6A0000-0x000000013F798000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2000-79-0x000007FEFAEE0000-0x000007FEFAF14000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2000-80-0x000007FEF6D80000-0x000007FEF7034000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2000-81-0x000007FEFC0B0000-0x000007FEFC0C8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2000-82-0x000007FEFAEC0000-0x000007FEFAED7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2000-85-0x000007FEF7140000-0x000007FEF7151000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-84-0x000007FEF7630000-0x000007FEF7647000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2000-83-0x000007FEFAEA0000-0x000007FEFAEB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-86-0x000007FEF7120000-0x000007FEF713D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2000-87-0x000007FEF7100000-0x000007FEF7111000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-88-0x000007FEF5B40000-0x000007FEF6BEB000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2000-89-0x000007FEF5940000-0x000007FEF5B40000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2000-96-0x000007FEF6D10000-0x000007FEF6D31000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2000-95-0x000007FEF6D40000-0x000007FEF6D7F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2000-97-0x000007FEF6CF0000-0x000007FEF6D08000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2000-98-0x000007FEF6CD0000-0x000007FEF6CE1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-99-0x000007FEF6C70000-0x000007FEF6C81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-104-0x000007FEF58F0000-0x000007FEF5920000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2000-105-0x000007FEF5880000-0x000007FEF58E7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2000-103-0x000007FEF5920000-0x000007FEF5938000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2000-102-0x000007FEF6C10000-0x000007FEF6C21000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-106-0x000007FEF5810000-0x000007FEF587F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2000-101-0x000007FEF6C30000-0x000007FEF6C4B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2000-107-0x000007FEF57F0000-0x000007FEF5801000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-100-0x000007FEF6C50000-0x000007FEF6C61000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-108-0x000007FEF5790000-0x000007FEF57E6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2000-112-0x000007FEF56C0000-0x000007FEF56E3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2000-111-0x000007FEF56F0000-0x000007FEF5707000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2000-110-0x000007FEF5710000-0x000007FEF5734000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2000-113-0x000007FEF55D0000-0x000007FEF55E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-109-0x000007FEF5740000-0x000007FEF5768000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2000-114-0x000007FEF55B0000-0x000007FEF55C2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2000-115-0x000007FEF5580000-0x000007FEF55A1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2000-116-0x000007FEF5560000-0x000007FEF5573000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2000-117-0x000007FEF5540000-0x000007FEF5552000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2000-118-0x000007FEF5400000-0x000007FEF553B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2000-119-0x000007FEF53D0000-0x000007FEF53FC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2000-120-0x000007FEF5210000-0x000007FEF53C2000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2000-121-0x000007FEF4D10000-0x000007FEF4D6C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2000-123-0x000007FEF4B70000-0x000007FEF4C07000-memory.dmp

    Filesize

    604KB

    Download

  • memory/2000-122-0x000007FEF4C10000-0x000007FEF4C21000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-124-0x000007FEF4B50000-0x000007FEF4B62000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2000-125-0x000007FEF46C0000-0x000007FEF48F1000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2000-126-0x000007FEF45A0000-0x000007FEF46B2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2000-127-0x000007FEF4440000-0x000007FEF4475000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2000-128-0x000007FEF43D0000-0x000007FEF43F5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2000-129-0x000007FEF43B0000-0x000007FEF43C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-130-0x000007FEF4340000-0x000007FEF43A1000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2000-131-0x000007FEF41E0000-0x000007FEF41F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-132-0x000007FEF41C0000-0x000007FEF41D2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2000-133-0x000007FEF41A0000-0x000007FEF41B3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2000-134-0x000007FEF4100000-0x000007FEF419F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2000-135-0x000007FEF40E0000-0x000007FEF40F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-136-0x000007FEF3FD0000-0x000007FEF40D2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2000-139-0x000007FEF3F70000-0x000007FEF3F81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-138-0x000007FEF3F90000-0x000007FEF3FA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2000-137-0x000007FEF3FB0000-0x000007FEF3FC1000-memory.dmp

    Filesize

    68KB

    Download