lazagne.exe

Status: finished
Submission Time: 08.04.2021 11:06:00
Malicious
Trojan
LaZagne

Details

  • Analysis ID:
    383853
  • API (Web) ID:
    669813
  • Analysis Started:
    08.04.2021 11:08:44
  • Analysis Finished:
    08.04.2021 11:19:20
  • MD5:
    68d3bf2c363144ec6874ab360fdda00a
  • SHA1:
    fa2f281fd4009100b2293e120997bfd7feb10c16
  • SHA256:
    ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56
  • Technologies:
Engine Verdict Score

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

  • malicious (64/100)
  • malicious (43/70)
  • malicious (10/36)
  • malicious (20/28)
  • malicious

URLs

Name Detection
http://cr.yp.to/djb.html
https://bitbucket.org/jmichel/dpapick
http://python.org/dev/peps/pep-0263/
https://getcomposer.org/doc/articles/http-basic-authentication.md
http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes
http://www.rgaros.nl/gestalt/
http://www.seanet.com/~bugbee/crypto/salsa20/
http://psi-im.org/options
http://www.ecrypt.eu.org/stream/salsa20p3.html
https://maven.apache.org/settings.html#Servers
https://www.gmail.com/
http://www.tiac.net/~sw/2010/02/PureSalsa20
http://blog.digital-forensics.it/2016/01/windows-revaulting.html
https://github.com/dfirfpi/dpapilab
http://cr.yp.to/snuffle.html
http://www.openssl.org/support/faq.html
http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
http://maven.apache.org/SETTINGS/1.0.0
http://www.unicode.org/reports/tr44/tr44-4.html).u
https://github.com/putterpanda/mimikittenz
https://maven.apache.org/guides/mini/guide-encryption.html#How_to_create_a_master_password
https://git-scm.com/docs/git-credential-store
http://www.unicode.org/reports/tr44/tr44-4.html).
http://lab.mediaservice.net/code/cachedump.rb
http://www.openssl.org/support/faq.htmlC:
http://www.ecrypt.eu.org/stream/p3ciphers/salsa20/salsa20_p3source.zip
https://github.com/mhammond/pywin320
http://schemas.xmlsoap.org/wsdl/
http://cr.yp.to/snuffle/salsafamily-20071225.pdf
http://www.eyevis.de/en/products/wall-management-software.html
http://www.python.org/dev/peps/pep-0205/
http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf);
http://json.org

Dropped files

Name / File Type

  • C:\Users\user\AppData\Local\Temp\_MEI29602\lazagne.exe.manifest
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\6bfbvf
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\_MEI29602\MSVCR90.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\_ctypes.pyd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\_elementtree.pyd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\_hashlib.pyd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\_multiprocessing.pyd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\_socket.pyd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\_sqlite3.pyd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\_ssl.pyd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\bz2.pyd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\msvcp100.dll
    PE32+ executable (DLL) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\msvcr100.dll
    PE32+ executable (DLL) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\pyexpat.pyd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\python27.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\pywintypes27.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\select.pyd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\sqlite3.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\unicodedata.pyd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\_MEI29602\win32pipe.pyd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • \Device\ConDrv
    ASCII text, with CRLF line terminators