Overview

overview

7

Static

static

7

trojan-lea...64.exe

windows10-1703-x64

7

trojan-lea...64.exe

windows7-x64

7

trojan-lea...64.exe

windows10-2004-x64

7

trojan-lea...net.7z

windows10-1703-x64

3

trojan-lea...net.7z

windows7-x64

3

trojan-lea...net.7z

windows10-2004-x64

3

trojan-lea...e).rar

windows10-1703-x64

3

trojan-lea...e).rar

windows7-x64

3

trojan-lea...e).rar

windows10-2004-x64

3

trojan-lea...rn.exe

windows10-1703-x64

1

trojan-lea...rn.exe

windows7-x64

1

trojan-lea...rn.exe

windows10-2004-x64

trojan-lea....1.zip

windows10-1703-x64

1

trojan-lea....1.zip

windows7-x64

1

trojan-lea....1.zip

windows10-2004-x64

1

trojan-lea...ME.txt

windows10-1703-x64

1

trojan-lea...ME.txt

windows7-x64

1

trojan-lea...ME.txt

windows10-2004-x64

1

trojan-lea...an.exe

windows10-1703-x64

7

trojan-lea...an.exe

windows7-x64

7

trojan-lea...an.exe

windows10-2004-x64

7

trojan-lea...ME.txt

windows10-1703-x64

1

trojan-lea...ME.txt

windows7-x64

1

trojan-lea...ME.txt

windows10-2004-x64

trojan-lea...86.exe

windows10-1703-x64

7

trojan-lea...86.exe

windows7-x64

7

trojan-lea...86.exe

windows10-2004-x64

7

trojan-lea...ta.exe

windows10-1703-x64

7

trojan-lea...ta.exe

windows7-x64

7

trojan-lea...ta.exe

windows10-2004-x64

7

Resubmissions

09-05-2023 19:22

230509-x3fn4adg58 10

09-05-2023 19:14

230509-xxsrgaff7x 10

09-05-2023 19:14

230509-xxr5yadg42 7

09-05-2023 19:14

230509-xxrt6sff7w 8

09-05-2023 19:14

230509-xxrjeaff7v 8

09-05-2023 19:14

230509-xxqxwadg39 7

09-05-2023 19:14

230509-xxql4sff7t 10

09-05-2023 19:14

230509-xxqbcadg38 7

09-05-2023 19:10

230509-xvl6xadf64 10

Analysis

  • max time kernel
    152s
  • max time network
    424s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2023 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    trojan-leaks-main/dobrota/VC_redist.x86.exe

  • Size

    13.1MB

  • MD5

    ca778a97f31d6ab131f1e0bb58a466fb

  • SHA1

    5b8637acc24f11e9bf83c77aacc8d529ea62d173

  • SHA256

    91c21c93a88dd82e8ae429534dacbc7a4885198361eae18d82920c714e328cf9

  • SHA512

    e2de89cb69803339f765bc1b29a7d6b24effd079f8296463ae6be0a0fdc99d2df2bc742c77b1e22ec320366ada672c022605c26ce21f7a59ba9246df8be9e27d

  • SSDEEP

    393216:T1HRlptVYmfr7yBG/4YBOdojQ1GTp8Pg5kKE:T5DpttD7yBG/1xkCp/kKE

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\dobrota\VC_redist.x86.exe
    "C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\dobrota\VC_redist.x86.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:588
    • C:\Windows\Temp\{F1268E60-D657-4B06-833E-1F4ED2D599CB}\.cr\VC_redist.x86.exe
      "C:\Windows\Temp\{F1268E60-D657-4B06-833E-1F4ED2D599CB}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\dobrota\VC_redist.x86.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1064

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\{BAB1E4FE-26CC-472B-96BD-8B98B5F48E85}\.ba\logo.png
    Filesize

    1KB

    MD5

    d6bd210f227442b3362493d046cea233

    SHA1

    ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

    SHA256

    335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

    SHA512

    464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

    Download Submit

  • C:\Windows\Temp\{F1268E60-D657-4B06-833E-1F4ED2D599CB}\.cr\VC_redist.x86.exe
    Filesize

    632KB

    MD5

    d34111f1c804b76b2545bbe88cda9d85

    SHA1

    1b6d4b7beb22c27a809194d6029cefec3aa605a2

    SHA256

    6d357caa2726d154394b4fcd3cebf36e60f3058e23b9938de602ee537bcc4905

    SHA512

    2ca8fcab1c6bddef6db00c8e15bf4a1531288ae5c9f822e5856417c87fc4e8211296f47bb48318798367cb9144f519ebdb1e9b48aea9f44cac8ee47b12b9d8e7

    Download Submit

  • C:\Windows\Temp\{F1268E60-D657-4B06-833E-1F4ED2D599CB}\.cr\VC_redist.x86.exe
    Filesize

    632KB

    MD5

    d34111f1c804b76b2545bbe88cda9d85

    SHA1

    1b6d4b7beb22c27a809194d6029cefec3aa605a2

    SHA256

    6d357caa2726d154394b4fcd3cebf36e60f3058e23b9938de602ee537bcc4905

    SHA512

    2ca8fcab1c6bddef6db00c8e15bf4a1531288ae5c9f822e5856417c87fc4e8211296f47bb48318798367cb9144f519ebdb1e9b48aea9f44cac8ee47b12b9d8e7

    Download Submit

  • \Windows\Temp\{BAB1E4FE-26CC-472B-96BD-8B98B5F48E85}\.ba\wixstdba.dll
    Filesize

    191KB

    MD5

    eab9caf4277829abdf6223ec1efa0edd

    SHA1

    74862ecf349a9bedd32699f2a7a4e00b4727543d

    SHA256

    a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

    SHA512

    45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

    Download Submit

  • \Windows\Temp\{F1268E60-D657-4B06-833E-1F4ED2D599CB}\.cr\VC_redist.x86.exe
    Filesize

    632KB

    MD5

    d34111f1c804b76b2545bbe88cda9d85

    SHA1

    1b6d4b7beb22c27a809194d6029cefec3aa605a2

    SHA256

    6d357caa2726d154394b4fcd3cebf36e60f3058e23b9938de602ee537bcc4905

    SHA512

    2ca8fcab1c6bddef6db00c8e15bf4a1531288ae5c9f822e5856417c87fc4e8211296f47bb48318798367cb9144f519ebdb1e9b48aea9f44cac8ee47b12b9d8e7

    Download Submit