Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

LBLeak/Build.bat

windows7-x64

3

LBLeak/Build.bat

windows11-21h2-x64

3

LBLeak/builder.exe

windows7-x64

1

LBLeak/builder.exe

windows11-21h2-x64

3

LBLeak/keygen.exe

windows7-x64

1

LBLeak/keygen.exe

windows11-21h2-x64

3

Resubmissions

09/03/2025, 14:00

250309-ra17fasvb1 10

14/02/2025, 20:10

250214-yxrd3sxpgl 10

Analysis

  • max time kernel
    163s
  • max time network
    164s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/03/2025, 14:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LBLeak/Build.bat

  • Size

    741B

  • MD5

    4e46e28b2e61643f6af70a8b19e5cb1f

  • SHA1

    804a1d0c4a280b18e778e4b97f85562fa6d5a4e6

  • SHA256

    8e83a1727696ced618289f79674b97305d88beeeabf46bd25fc77ac53c1ae339

  • SHA512

    009b17b515ff0ea612e54d8751eef07f1e2b54db07e6cd69a95e7adf775f3c79a0ea91bff2fe593f2314807fdc00c75d80f1807b7dbe90f0fcf94607e675047b

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LBLeak\Build.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3484
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe
      keygen -path C:\Users\Admin\AppData\Local\Temp\LBLeak\Build -pubkey pub.key -privkey priv.key
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3928
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3Decryptor.exe
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2588
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3.exe
      2⤵
      • System Location Discovery: System Language Discovery
      PID:240
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_pass.exe
      2⤵
      • System Location Discovery: System Language Discovery
      PID:5784
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1212
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32_pass.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2736
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key
    Filesize

    344B

    MD5

    1825a3e1349adeabe79e37b82d005d20

    SHA1

    d331bf4b255cb2f33478039334b9080771a37737

    SHA256

    5fe15815d20781620b3f04eecf5845c6b555e8bf0eb14cc80d3e293d7514daf4

    SHA512

    c7d51857ff00b0db0c66ce6fd69914811d038793de262159e84508a28aba94a099b6f7e6a2d03a3dc13f1c7db467ea08eef05d20e2abf2dd49475671faf77fdb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key
    Filesize

    344B

    MD5

    24b4f4770549b2344ffea1b2af961811

    SHA1

    f6b49358024cc5387811869702ba17196572b645

    SHA256

    e020a92ce2ff7c87eb705578d8049b9e78013af5cbaa5253b9479acb986a6f8d

    SHA512

    4424f0639ca53671a08eaf7c728fff468df954964d64ce8daa8ed801943dc61e3b78a1fae8d001f2d8df3dd97d330e9ec1841ae0b3ae82e4d0a5d3346880b660

    Download Submit