Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

LBLeak/Build.bat

windows7-x64

3

LBLeak/Build.bat

windows11-21h2-x64

3

LBLeak/builder.exe

windows7-x64

1

LBLeak/builder.exe

windows11-21h2-x64

3

LBLeak/keygen.exe

windows7-x64

1

LBLeak/keygen.exe

windows11-21h2-x64

3

Resubmissions

09/03/2025, 14:00

250309-ra17fasvb1 10

14/02/2025, 20:10

250214-yxrd3sxpgl 10

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2025, 14:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LBLeak/Build.bat

  • Size

    741B

  • MD5

    4e46e28b2e61643f6af70a8b19e5cb1f

  • SHA1

    804a1d0c4a280b18e778e4b97f85562fa6d5a4e6

  • SHA256

    8e83a1727696ced618289f79674b97305d88beeeabf46bd25fc77ac53c1ae339

  • SHA512

    009b17b515ff0ea612e54d8751eef07f1e2b54db07e6cd69a95e7adf775f3c79a0ea91bff2fe593f2314807fdc00c75d80f1807b7dbe90f0fcf94607e675047b

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 7 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\LBLeak\Build.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe
      keygen -path C:\Users\Admin\AppData\Local\Temp\LBLeak\Build -pubkey pub.key -privkey priv.key
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2000
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3Decryptor.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:1808
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:3048
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_pass.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2128
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2144
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32_pass.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2124
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2328

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key
    Filesize

    344B

    MD5

    bebcdee76f09cec54df01dbfae50f576

    SHA1

    48e86185c0db2c7c102cb65e43ed741e030fee90

    SHA256

    8dc1366b57878c09b7d717d67b310d4011adb51ee218ecafd8676ab9f1e535ce

    SHA512

    c3ddf022447203a96fbd8593d779a028997fd6d066eb7ae48b0c0c62282751878d41ffc74fe11d29df3080e299fc9a7c4f7366ce9031d725ef313e8ef8c4d903

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key
    Filesize

    344B

    MD5

    646fa09002c8dc64f56fbd89f5d4e883

    SHA1

    321b7c8e6c459862da50fd44ab7e68af88546324

    SHA256

    259764f3dfe54bb9dae8346bdd190335f200e167bc2ae27ab689ad57c0816d4c

    SHA512

    729946b1fb45eea61362712fe1a98f28ae48dee41b0cd76ba0fc2cd6675559747d3268125c9a885a2e7b0665b83db1066427263ef0cc6f1d72a316457998a123

    Download Submit