Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

hlrb11-59cp2009.exe

windows10-1703-x64

7

$PLUGINSDI...ns.dll

windows10-1703-x64

3

$PLUGINSDI...nu.dll

windows10-1703-x64

3

cl_dlls/client.dll

windows10-1703-x64

1

dlls/hlrally.dll

windows10-1703-x64

3

fmod.dll

windows10-1703-x64

7

gfx/env/dmcwft.ps1

windows10-1703-x64

1

manual/bugs.htm

windows10-1703-x64

4

manual/courses.htm

windows10-1703-x64

4

manual/cou...x.html

windows10-1703-x64

4

manual/cus...on.htm

windows10-1703-x64

4

manual/fra...om.htm

windows10-1703-x64

4

manual/frame_top.htm

windows10-1703-x64

4

manual/ima...om.htm

windows10-1703-x64

4

manual/ima...op.htm

windows10-1703-x64

4

manual/ima...x.html

windows10-1703-x64

4

manual/ima...ew.htm

windows10-1703-x64

4

manual/index.htm

windows10-1703-x64

4

manual/overview.htm

windows10-1703-x64

4

manual/team.htm

windows10-1703-x64

4

manual/vehicles.htm

windows10-1703-x64

4

manual/veh...x.html

windows10-1703-x64

4

maps/rc_canyon.ps1

windows10-1703-x64

1

models/lcr...er.ps1

windows10-1703-x64

1

settings.scr

windows10-1703-x64

uninstall.exe

windows10-1703-x64

7

$PLUGINSDI...LL.dll

windows10-1703-x64

3

user.scr

windows10-1703-x64

zlib.dll

windows10-1703-x64

3

Analysis

  • max time kernel
    71s
  • max time network
    117s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24/02/2024, 18:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hlrb11-59cp2009.exe

  • Size

    209.4MB

  • MD5

    f33f25f02ba20880659ca9cb5c029404

  • SHA1

    28649f2fd558b8998c4649cd2f48e16896c6d30b

  • SHA256

    0d60601a1157cff3eba748a058ac48b94f25989aa30aba124be9c45877a7e034

  • SHA512

    1abc956aa029be86d84db2ace94e5f1fe41095bc818763d48a2deb01667e06e3d62ba06d7275cac0cff2acc6bda51be30e48a1c7de3936d3b2cc9ef1cd3c2b9f

  • SSDEEP

    6291456:u7miATfLIlAI1VbB4W68Qw4TrhNIQLjESz0A:u6/L+AI1VbBg8sNyQfv

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\hlrb11-59cp2009.exe
    "C:\Users\Admin\AppData\Local\Temp\hlrb11-59cp2009.exe"
    1⤵
    • Loads dropped DLL
    PID:2680
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2560
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\STEAM\SteamApps\half-life\hlrally\HL_RALLY_1.1B_+_59cp_FEATURES.txt
      1⤵
        PID:3160

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\STEAM\SteamApps\half-life\hlrally\HL_RALLY_1.1B_+_59cp_FEATURES.txt
        Filesize

        267B

        MD5

        4e210feb1942e6ed6eecd6caf143bd17

        SHA1

        3b5c8bfa6223ea706736067b2a9d9b87f2ea6667

        SHA256

        e5f6b5666f4c59870693aef288d027cf48b16bb52f98369dc0048a61c82e9728

        SHA512

        7d151ba57e3fdad1516105ba17560a63bb622d93d107b880270a90e605eece923b348f232df1976480fd6b32b9ccbcf9371d7691f94ccd203472e5435837d368

        Download Submit

      • C:\STEAM\SteamApps\half-life\hlrally\gfx\env\mm_poolup.tga
        Filesize

        192KB

        MD5

        1691598c6bc4a706d104dfe5ef35bfee

        SHA1

        1945963905e9a110b0150e1d9faae37fc0e52cf3

        SHA256

        90fe5b115e3708e309ef3a6e89c959e87d17f115f1fe9dfc221a1c83a0db2b47

        SHA512

        7f77281545939bec863e2964a03966c487e6e15764d301a8e35ea7d87458634914e33a8c3e9ba84bf869ad28828bdceb39a7881dbc598172d81d06c47100a091

        Download Submit

      • C:\STEAM\SteamApps\half-life\hlrally\gfx\env\sunsetrt.tga
        Filesize

        192KB

        MD5

        4c6b88f201895ae567f75ece60e5f4fc

        SHA1

        f2ec50247091774eeb2ea606f13265108ca9bdf7

        SHA256

        437a64f865426ef42f2dd582c7d0a39ac8afb23bc1069961fad7178f969e8e3b

        SHA512

        8c76355a4bb95d49a774d3b67eb7251b0089fd530bf5656560b0077148efbceff7674ecc826e2fff72e1d5343d52f7a950b4c520e49fa1a048a0ec12e1d33e7a

        Download Submit

      • C:\STEAM\SteamApps\half-life\hlrally\gfx\vgui\1600_mitsubishi.tga
        Filesize

        64KB

        MD5

        32a5608df330bf008670e812674b5bb9

        SHA1

        e159bdaa960a9d3095049644b7f019d078525113

        SHA256

        ea6652259456217ff56fcdd209d57707fa89584c057862114b230d08c06a3fd7

        SHA512

        e6b12ba8680296adb9bd878e29fd7db470527e46f9640f68b3572799186e95ddd047ecfda4ec101c9245bdb3ae029ecbd51f8c4f43a2973a1e9427fb15f85ce8

        Download Submit

      • C:\STEAM\SteamApps\half-life\hlrally\gfx\vgui\640_class_bg16.tga
        Filesize

        5KB

        MD5

        a1c2d08d4de4948b646296d075668488

        SHA1

        d0bff5b784e20916c8324a39d4f34e3d70ba3d4f

        SHA256

        8750ab2e0a5343b68f6917ba3c2714366648a361cf6050ee2dbb55b5ebc565a0

        SHA512

        59fbdb99020b74b74f7ca5918a631cdeb6c58fe05468b66a97e13e8d4e512479a5588d127098b186e067a597841f0f56e68eb9c97822429dd7523c176722814a

        Download Submit

      • C:\STEAM\SteamApps\half-life\hlrally\gfx\vgui\800_class_bg16.tga
        Filesize

        9KB

        MD5

        4bd0c280d2218db8fb6baa5c5739a9ee

        SHA1

        9758bfab700045f473d2930211ce9203c0e46970

        SHA256

        4e2973fc992e590eb260e903f2f5d9e2c2d1b039868db102afc0b86f2cfa01fc

        SHA512

        72a9c7ed471ee645a50b356cfdf3066daf886764dbbbc8a35d69840b0934e208c871ddb4835eba70565265b733966c382e83ca3d9b602eebc3e11b1b674849fd

        Download Submit

      • C:\STEAM\SteamApps\half-life\hlrally\sprites\maps\rc_inyo2.spr
        Filesize

        64KB

        MD5

        0076c6e5d857af809e0938394afdd0c0

        SHA1

        c717514bf5591a6678aad76145b5645e20f61b21

        SHA256

        68ebd80d20df40f3709f2869e9003b8aeff831ba8425bb6398dfecc29edbad8e

        SHA512

        4193412b595baa95ed95072e13c544f97e8fcc6b11437c0f28c8a2fae9f0a0390230b6b6d2428eeee2f770b4f62b6ff8eb7f5b7caa2d4202883fc199e08a494f

        Download Submit

      • C:\STEAM\SteamApps\half-life\hlrally\sprites\maps\rc_wintervalley.spr
        Filesize

        64KB

        MD5

        7fddbd770a51692a3ea390278c8a1fb4

        SHA1

        646110726a41d79eaf1af04dfd682c5c3234bf32

        SHA256

        ff8665d4b1585265c5325bf1247eb375c50665779287c5dc1bdab00bcfc39d84

        SHA512

        3b31b5025e2be45f02d1d1195c9150d54017b50e25c7b0a98e492e8d0434e01b2d1d3fa70709ca0cc4b1479f7dd664e816cd7d6e44894e86f8e5b59ec3d7595e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nsb96D3.tmp\ioSpecial.ini
        Filesize

        528B

        MD5

        20568586d5ae491d72a31eb22e317578

        SHA1

        da5567c57dae61691813d799fc9fd6c609a9942b

        SHA256

        0850a2c224eabd62231815ed08aac5640354a7db66f44d9c58af439df21fab7d

        SHA512

        5852a255def005d8b7a61acf7ef94d1eea07392c9e93a7ce9994b4f4f0505fe261db558d678435a56d317c0d54c99ffac7b7010d58ff1a9ce3c502285b9e62fb

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nsb96D3.tmp\ioSpecial.ini
        Filesize

        620B

        MD5

        5dbf886bb92e32514c8c7eaa5d2394ce

        SHA1

        b95733b602ca53b076b55e9e449aff445b8f3e22

        SHA256

        f38fe41eca9d31ba4462949645d0365c98dd28fed3345d29333717e4b9b4a5ef

        SHA512

        d271cabf38243de109019d9898b238b7d7499cd636bf910e59769cd0cd99035ff85114a41ae9962e4589e4d66cb0ce55f67225db57c66325f230199d1dfee92a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nsb96D3.tmp\ioSpecial.ini
        Filesize

        620B

        MD5

        98a0bd138570cc789f18aaf630f4eac7

        SHA1

        fde8bf8e5b25f8213698552d8bec62e15be50009

        SHA256

        2b7f9d92ec47f951a82cb12ce5054c940d41fbac3927c1d131568b24c3688c19

        SHA512

        ef9fd979d73fe9499da5af8dbcb26c987b242d7fbfa7becc069df6b4dea43f5572ed661f23d33610c596942d7b99b3464ca7a923524b28187acb38423fff8af8

        Download Submit

      • \Users\Admin\AppData\Local\Temp\nsb96D3.tmp\InstallOptions.dll
        Filesize

        14KB

        MD5

        0285eac59530ff5cc91fe2634b4ed78e

        SHA1

        241c12aefca0740e776362f30aa1edffd66d6bdc

        SHA256

        44c822afaa4cc7cb95390eaa0ada076d280d3455870569f0cde03637257d9899

        SHA512

        1007fbfb82d4e6c04bd5fefb32cd81f4406022ceef4d409eda0f0ddeb8b1f124a2baec86498bc119778e0c241fc41b0c2440d8a8f6731a63ede936be94f81297

        Download Submit

      • \Users\Admin\AppData\Local\Temp\nsb96D3.tmp\StartMenu.dll
        Filesize

        7KB

        MD5

        d7d5e1ae69a5108aad96eae3634394db

        SHA1

        68c27b7ad530bdbb39b7f3cecea63b8b2708cb1c

        SHA256

        76067f5d1e3df7fc72d6f0253a0bd0e1aa1b444c8a6953c10cd78f3a7cd3944e

        SHA512

        217884d79c896c1b4383184096964c1d559a2c906a3ec50d6715015f1981d3fdee5ed35803118bdc83354dc923e3e2e22b868b03236019185190daeaffbdd899

        Download Submit