Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Rpoxo BETA...ox.dll

windows7-x64

1

Rpoxo BETA...ox.dll

windows10-2004-x64

1

Rpoxo BETA...UI.dll

windows7-x64

1

Rpoxo BETA...UI.dll

windows10-2004-x64

1

Rpoxo BETA...xo.exe

windows7-x64

1

Rpoxo BETA...xo.exe

windows10-2004-x64

1

Rpoxo BETA...ng.dll

windows7-x64

1

Rpoxo BETA...ng.dll

windows10-2004-x64

1

Rpoxo BETA...ms.dll

windows7-x64

1

Rpoxo BETA...ms.dll

windows10-2004-x64

1

Rpoxo BETA...em.dll

windows7-x64

1

Rpoxo BETA...em.dll

windows10-2004-x64

1

Rpoxo BETA...PI.dll

windows7-x64

1

Rpoxo BETA...PI.dll

windows10-2004-x64

1

Rpoxo BETA...in.dll

windows7-x64

3

Rpoxo BETA...in.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/06/2024, 12:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rpoxo BETA V-1.7/Proxo BETA V1.7/exploit-main.dll

  • Size

    546KB

  • MD5

    9f04155387e7a850561e206c48c54cfd

  • SHA1

    d3788149c90f4489f02026451d8c8f807dbb6f4e

  • SHA256

    eca3bdc638b9fd9304b401e3a4ef6b40c12c193fa3633d3d8bfc65a1d7d950e4

  • SHA512

    4ce998ff1b7ac7bc9c249a29f04ad9074dfa81614ceb9d8e884cca45daf83cdb71f58f79d85e085b2ee6467556872a4370d9dafd9775909826d8d53d138e5b54

  • SSDEEP

    12288:oTvHofRsMJ0qKNNlnJV5bYfD2y/tPe6ZLoQr42KQSO31i/Du6lRsEXot:V0/Nld0r1ZLog40usE8

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Rpoxo BETA V-1.7\Proxo BETA V1.7\exploit-main.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1420
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Rpoxo BETA V-1.7\Proxo BETA V1.7\exploit-main.dll",#1
      2⤵
        PID:3708
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 556
          3⤵
          • Program crash
          PID:3144
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 844
          3⤵
          • Program crash
          PID:3056
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3708 -ip 3708
      1⤵
        PID:2968
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3708 -ip 3708
        1⤵
          PID:1228

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads