Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

.peu/New P...pi.vbs

windows10-2004-x64

1

.peu/New P...lt.xml

windows10-2004-x64

3

.peu/New P...ed.xml

windows10-2004-x64

3

ServerCertificate.p12

windows10-2004-x64

5

Plugins/Ac...ws.dll

windows10-2004-x64

1

Plugins/Admin.dll

windows10-2004-x64

1

Plugins/An...re.dll

windows10-2004-x64

1

Plugins/Bo...er.dll

windows10-2004-x64

1

Plugins/Chat.dll

windows10-2004-x64

1

Plugins/Clipboard.dll

windows10-2004-x64

1

Plugins/Cmd.dll

windows10-2004-x64

1

Plugins/DDos.dll

windows10-2004-x64

1

Plugins/DotNet.dll

windows10-2004-x64

1

Plugins/Fi...er.dll

windows10-2004-x64

1

Plugins/Fi...er.dll

windows10-2004-x64

1

Plugins/Fun.dll

windows10-2004-x64

1

Plugins/HBrowser.dll

windows10-2004-x64

1

Plugins/HRDP.dll

windows10-2004-x64

5

Plugins/HVNC.dll

windows10-2004-x64

1

Plugins/Helper.dll

windows10-2004-x64

1

Plugins/Hi...ps.dll

windows10-2004-x64

1

Plugins/Hi...am.dll

windows10-2004-x64

1

Plugins/Hosts.dll

windows10-2004-x64

1

Plugins/IconLib.dll

windows10-2004-x64

1

Plugins/In...on.dll

windows10-2004-x64

1

Plugins/In...es.dll

windows10-2004-x64

1

Plugins/Keylogger.dll

windows10-2004-x64

1

Plugins/Mic.dll

windows10-2004-x64

1

Plugins/Mining.dll

windows10-2004-x64

1

Plugins/Options.dll

windows10-2004-x64

1

Plugins/Password.dll

windows10-2004-x64

1

Plugins/Po...ll.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    60s
  • max time network
    73s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/08/2023, 16:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Plugins/HRDP.dll

  • Size

    37KB

  • MD5

    4f3be09a3f000e5d717d698819311000

  • SHA1

    5e809e1be7858bff5e01adf20565a4985edca219

  • SHA256

    63e05c9a64641ce9ce3620293be5e1cf5d8afe8d91982375f7e466e1450b30a4

  • SHA512

    5a8fa8e0d0bfdbc81b91081bb8789da97a606d267432b4d09e888ef89356ec954057136e590cc7db6be125195c0f2ad1568116f56f47bcd7f581739effc292a8

  • SSDEEP

    768:Bb3CzsCncWFVqOs0wXLAxpR+l9z85Z7gYe2xxSgTlNiIae+EgkbE:BTCQCntT3bwXLAxM10Z75QgTlNiIH+E0

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HRDP.dll,#1
    1⤵
      PID:992
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k netsvcs -p
      1⤵
      • Drops file in System32 directory
      PID:4932

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\wsuAB72.tmp
      Filesize

      14KB

      MD5

      c01eaa0bdcd7c30a42bbb35a9acbf574

      SHA1

      0aee3e1b873e41d040f1991819d0027b6cc68f54

      SHA256

      32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

      SHA512

      d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

      Download Submit

    • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
      Filesize

      29KB

      MD5

      d62f5ff348fa8fda4b39fa2652ebbaa2

      SHA1

      77a078be64cec92f6b2ce7b9ba77414403a3ddde

      SHA256

      103c7313eecacdef83f20fe76f1bfca8bc223b6ad73404d386e137151e6d4f0b

      SHA512

      de041964bfd2745843b71a59ca249e5e9ea103af96e2cacb06217f10e80e36fe35953e6e4436babeccd189a3cc0b8e76dbc4ef7edf8efd65b33dbf6163d38dcc

      Download Submit

    • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
      Filesize

      29KB

      MD5

      131ce8c14c0f303996f13cf3877e57b2

      SHA1

      c1b308f1ac3ac933b1ac054ba586ed10be07e2e4

      SHA256

      b3e7ffa0382983f97867a735f0056befde9f3c20852087e3f784e6fe5972f972

      SHA512

      a6392065f71938f918e92c98a2afc68170a0c9eaf6b074bcd6e39cc29c2c1f782d81844ef99e59fd2f93adf2db4e69fbfd36288dadb6037f3e2d74a03a8ce782

      Download Submit

    • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
      Filesize

      29KB

      MD5

      b4eab26bf640c53bfd211dee030578fa

      SHA1

      3ff5bb2ad0acf8a64fec1b5be617729b73614059

      SHA256

      2be0601b6e8b617055c32a364c4c4587245301ee3c88c18aa1980af37a2aa895

      SHA512

      503c5c725d1cacdb6d8459904102c41dca2fd7d48ed1cf58d26fafd5c743274acf8ad9ad8eebd556dd5a89902e6a936f2a677f71e8c2183327d6cb7d229b9a20

      Download Submit

    • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
      Filesize

      29KB

      MD5

      515691c35ef61e99d49b87da539223fd

      SHA1

      455574723d46e3845e43e50cecf9fdad0d1683e1

      SHA256

      d8d60874a1da0c199fbc42bddc634530595b7960bd519df16101621af69efb78

      SHA512

      44c7ef3b097a40d62cf9a51b40fcb4d1cc794e74af4202a54995680c552996cbd1db18eb68b46fc805ea8704605cd48aa50b1af42de4430a04c0acea25dc4a77

      Download Submit

    • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
      Filesize

      29KB

      MD5

      56e38a111a81dc3bda9d13242a9dec33

      SHA1

      828bfaf91625576dce3fcb0486d868ac662c1fb8

      SHA256

      c412d8ee7e2bd4d245651a6e228aa2b06023354307718796f33a326831e5b4be

      SHA512

      6f0f9edf599fdbd9fbec6fbced53a7155eaaec0c557a51c2d0d9f30883f405aa3d21de7a931ff22b3be5a648442ae79ec04570b5918388435c9481950dce07b5

      Download Submit

    • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
      Filesize

      29KB

      MD5

      94f60c6909cd23e9b53f2bcb4cc5d399

      SHA1

      efdd44b416159126faa40dbdcd533212376d7b0c

      SHA256

      95aaa7f57431198ba59913ddcf3cf547837425c146d4104cd3eb8f896ac7d7e3

      SHA512

      83fc8d38bcc8883dbc49a9d1b32e8beb8f49e0da71b59105bd41d9b1a334a245d75879001071f4498b643a73562541a036d12c24347a3a1b95713c7bac207967

      Download Submit