Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

CraxsRat Fixer.exe

windows10-2004-x64

10

DefenderRemover.exe

windows10-2004-x64

1

DrakeUI.Framework.dll

windows10-2004-x64

1

EV.dll

windows10-2004-x64

1

EV64.dll

windows10-2004-x64

1

GeoIPCitys.dll

windows10-2004-x64

1

HVMRun64.dll

windows10-2004-x64

1

HVMRuntm.dll

windows10-2004-x64

1

LiveCharts.MAPS.dll

windows10-2004-x64

1

LiveCharts...ms.dll

windows10-2004-x64

1

LiveCharts.Wpf.dll

windows10-2004-x64

1

LiveCharts.dll

windows10-2004-x64

1

NAudio.dll

windows10-2004-x64

1

Newtonsoft.Json.dll

windows10-2004-x64

1

System.IO....le.dll

windows10-2004-x64

1

WinMM.Net.dll

windows10-2004-x64

1

condef/Def...gs.vbs

windows10-2004-x64

1

condef/dControl.exe

windows10-2004-x64

7

res/Lib/7z.dll

windows10-2004-x64

3

res/Lib/7z.exe

windows10-2004-x64

1

res/Lib/ApkEditor.jar

windows10-2004-x64

1

res/Lib/aapt.exe

windows10-2004-x64

1

res/Lib/apksigner.jar

windows10-2004-x64

1

res/Lib/apktool.jar

windows10-2004-x64

1

res/Lib/junk.ps1

windows10-2004-x64

1

res/Lib/li...ni.dll

windows10-2004-x64

1

res/Lib/li...-1.dll

windows10-2004-x64

1

res/Plugin...n-2.pl

windows10-2004-x64

3

res/Plugin...n-3.pl

windows10-2004-x64

3

res/Plugin...n-6.pl

windows10-2004-x64

3

res/Plugin...n-7.pl

windows10-2004-x64

3

res/Plugin...n-8.pl

windows10-2004-x64

3

Analysis

  • max time kernel
    76s
  • max time network
    212s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2023, 10:23 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    res/Plugins/Android/gen-3.pl

  • Size

    5KB

  • MD5

    a03b010aaedc90001f105b4858a4e8d1

  • SHA1

    44191d7dfea55cf37b6b14193801c90741ebb8cf

  • SHA256

    42c8d417fcc509864d08d42ef61a4926a17010abce6c1f06187acd931a9eeaab

  • SHA512

    8769d8329172a6d95b99056bd0b05ccab41c9b4b9b7efe16f2fb22a3f8acbab98d273a3c6bf2e845934ed58e95a08229f0fe27f78f057ca2c3f2ad547f863145

  • SSDEEP

    96:2Pm571ukquJN67N72vNx+y/NeFyocWiBhpWKvgnJyC5a4h7Ybt:2OauuhI9/8/X+pRvgnJR5a4h0p

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\res\Plugins\Android\gen-3.pl
    1⤵
    • Modifies registry class
    PID:2792
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3368

Network

  • flag-us
    DNS
    14.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    108.211.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    108.211.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.226.21.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.226.21.2.in-addr.arpa
    IN PTR
    Response
    10.226.21.2.in-addr.arpa
    IN PTR
    a2-21-226-10deploystaticakamaitechnologiescom
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    126.21.238.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    126.21.238.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    66.112.168.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    66.112.168.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    121.252.72.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    121.252.72.23.in-addr.arpa
    IN PTR
    Response
    121.252.72.23.in-addr.arpa
    IN PTR
    a23-72-252-121deploystaticakamaitechnologiescom
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    14.160.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    14.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    108.211.229.192.in-addr.arpa
    dns
    74 B
     145 B
     1
    1

    DNS Request

    108.211.229.192.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    10.226.21.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    10.226.21.2.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    126.21.238.8.in-addr.arpa
    dns
    71 B
     125 B
     1
    1

    DNS Request

    126.21.238.8.in-addr.arpa

  • 8.8.8.8:53
    66.112.168.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    66.112.168.52.in-addr.arpa

  • 8.8.8.8:53
    121.252.72.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    121.252.72.23.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    350 B
     5

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.