Overview

overview

10

Static

static

7

Clip1.exe

windows7-x64

10

Clip1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230824-en
  • resource tags

    arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
  • submitted
    26-08-2023 20:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Clip1.exe

  • Size

    9.7MB

  • MD5

    26dbb8cdc46ecf186fe07605207bf622

  • SHA1

    916e3e9f55205fbd45ec1fbb47db370d4f668d18

  • SHA256

    badf6c49e41bef9c00e665b7273b2e8d712abb6e463e451c39d33494eb02bd98

  • SHA512

    f20a3f64747f61b4b8aebc04309ebd2b6490ec0c8d0d4a974a2ccbe730ec89681e1bfcf80c054efd6e49cc1931feac31859a3c0a3795c6ae7c8a90a0d1e7743f

  • SSDEEP

    98304:zvw0Hotqx1pWuJ56DdIPqDyj/pCu03o8I6v+5/QGJbY9YAq+6FLiX:zY0Hotqx1EA56hLnr48IH/HK186

Score
10/10
laplasclipperstealerthemida

Malware Config

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Themida packer 16 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Clip1.exe
    "C:\Users\Admin\AppData\Local\Temp\Clip1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /CREATE /TN "EdgeUpdater-Task" /TR "C:\ProgramData\\MicrosoftEdgeTasker\edgeTaskUpdater.exe" /SC MINUTE
      2⤵
      • Creates scheduled task(s)
      PID:2292
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {91CE259C-8161-4B5A-A5B0-CEF3B495187E} S-1-5-21-1528014236-771305907-3973026625-1000:DMCOTBQQ\Admin:Interactive:[1]
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:572
    • C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe
      C:\ProgramData\\MicrosoftEdgeTasker\edgeTaskUpdater.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3068
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
        3⤵
          PID:2708

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe
      Filesize

      359.8MB

      MD5

      acca8a6984a8da37ef6a0f087b0d60c4

      SHA1

      121ee1355793c3aad3c6acbf1937694b1664b3a6

      SHA256

      43db7eb18a1bb2d24ff0970a12c7ea279dc787ff7155b381c7bcb623e9b3acb9

      SHA512

      2fc1ffe29eda8b0c1946c510562577cc335a9fc401f3c0274c6e50e168d0768a6d1248af4f27c1bf68f5449e250b1844d23bf3ceabbe489df4c231e9e0d888bd

      Download Submit

    • \ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe
      Filesize

      349.4MB

      MD5

      ad3216e027c117e71b26d8388203256e

      SHA1

      62665dec018d406ac87c779fc97965fb1fcbc242

      SHA256

      883a1e0ff15b93e5dd88778a499d7b90b90e0718a94bbad22da8818fcb765861

      SHA512

      8120f4e83be8acf05bbc31c649eae294315d7c50fdf0a40424c55397972338322ac9ec226fc4a791783011930a5674cf890e433fab77e247a34771e31bddd4a1

      Download Submit

    • memory/572-19-0x000000013FB20000-0x00000001404DB000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/572-14-0x000000013FB20000-0x00000001404DB000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/2708-40-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-23-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-75-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-74-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-73-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-72-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-71-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-70-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-69-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-68-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-67-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-66-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-65-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-43-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-24-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-25-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-26-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-27-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-28-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-29-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-30-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-31-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-32-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-33-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-34-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-35-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-36-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-37-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-38-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-39-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-44-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-41-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-47-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-64-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-63-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-45-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-46-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-42-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-48-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-49-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-50-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-51-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-53-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-54-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-62-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-55-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-56-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-57-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-58-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-59-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-60-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2708-61-0x0000000000220000-0x0000000000611000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/2824-2-0x000000013F5E0000-0x000000013FF9B000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/2824-0-0x000000013F5E0000-0x000000013FF9B000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/2824-7-0x000000013F5E0000-0x000000013FF9B000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/2824-11-0x000000013F5E0000-0x000000013FF9B000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/2824-4-0x000000013F5E0000-0x000000013FF9B000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/2824-3-0x000000013F5E0000-0x000000013FF9B000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/2824-1-0x000000013F5E0000-0x000000013FF9B000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/3068-18-0x000000013FB20000-0x00000001404DB000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/3068-17-0x000000013FB20000-0x00000001404DB000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/3068-16-0x000000013FB20000-0x00000001404DB000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/3068-21-0x000000013FB20000-0x00000001404DB000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/3068-52-0x000000013FB20000-0x00000001404DB000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/3068-20-0x000000013FB20000-0x00000001404DB000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/3068-22-0x000000013FB20000-0x00000001404DB000-memory.dmp

      Filesize

      9.7MB

      Download