Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

vcxsrv-64....er.exe

windows11-21h2-x64

7

$PLUGINSDI...em.dll

windows11-21h2-x64

3

bitmaps/autogen.sh

windows11-21h2-x64

3

bitmaps/uninstall.exe

windows11-21h2-x64

7

dxtn.dll

windows11-21h2-x64

1

libX11.dll

windows11-21h2-x64

1

libXau.dll

windows11-21h2-x64

1

libXext.dll

windows11-21h2-x64

1

libXmu.dll

windows11-21h2-x64

1

libcrypto-1_1-x64.dll

windows11-21h2-x64

1

libgcc_s_sjlj-1.dll

windows11-21h2-x64

1

libiconv-2.dll

windows11-21h2-x64

1

libwinpthread-1.dll

windows11-21h2-x64

1

libxcb.dll

windows11-21h2-x64

1

libxml2-2.dll

windows11-21h2-x64

1

msvcp140.dll

windows11-21h2-x64

1

plink.exe

windows11-21h2-x64

1

swrast_dri.dll

windows11-21h2-x64

1

swrastwgl_dri.dll

windows11-21h2-x64

1

vcruntime140.dll

windows11-21h2-x64

1

vcruntime140_1.dll

windows11-21h2-x64

1

vcxsrv.exe

windows11-21h2-x64

1

xauth.exe

windows11-21h2-x64

1

xcalc.exe

windows11-21h2-x64

1

xclock.exe

windows11-21h2-x64

1

xhost.exe

windows11-21h2-x64

1

xkbcomp.exe

windows11-21h2-x64

1

xlaunch.exe

windows11-21h2-x64

1

xrdb.exe

windows11-21h2-x64

1

xwininfo.exe

windows11-21h2-x64

1

zlib1.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    95s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25/08/2024, 11:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vcxsrv.exe

  • Size

    3.6MB

  • MD5

    10297f84807f79024874c61c0fbdc616

  • SHA1

    61c617efd35ba10132449cc07de62c0aaedb50d3

  • SHA256

    a00a750402f9940073e1b4be8cf260f368e1a23ecf6f637de3aa4d4b4cd4e213

  • SHA512

    3cdc10538e645ae8c1f28b177ccfa4eb36506ff47984cc77a34667eebf654ecf6dc4647f0bc4925cf8d2f6da51174b3f77803f6df3922ffe34f7453dc0abe43b

  • SSDEEP

    49152:2aE8tjZQl6saqAPgkymuGXzosh2arpyiDMvEeEKPRD7aOzuLI+oX9IhHow9+uD:+w1rt0YYzak9IhHowouD

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\vcxsrv.exe
    "C:\Users\Admin\AppData\Local\Temp\vcxsrv.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3388
    • C:\Users\Admin\AppData\Local\Temp\xkbcomp.exe
      "C:\Users\Admin\AppData\Local\Temp\xkbcomp" -w 1 "-RC:\Users\Admin\AppData\Local\Temp\xkbdata" -xkm "C:\Users\Admin\AppData\Local\Temp\xkb_a02956" -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" "C:\Users\Admin\AppData\Local\Temp\server-0.xkm"
      2⤵
        PID:3484
      • C:\Users\Admin\AppData\Local\Temp\xkbcomp.exe
        "C:\Users\Admin\AppData\Local\Temp\xkbcomp" -w 1 "-RC:\Users\Admin\AppData\Local\Temp\xkbdata" -xkm "C:\Users\Admin\AppData\Local\Temp\xkb_a02956" -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" "C:\Users\Admin\AppData\Local\Temp\server-0.xkm"
        2⤵
          PID:3980

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\server-0.xkm
        Filesize

        11KB

        MD5

        fb57d1c3292c152eccd22494827bdd38

        SHA1

        a953bac00b66c3edb91276f11273d815a9093997

        SHA256

        6f35e27783e77695a0b10b2fad9980d8d4929e4f01d313820550e36782b3d94d

        SHA512

        02103937273ea7c3c74cb8ae2dd9b12e07e4908c3f2b34a7eeda4276216e8a447c9f6f5ea1e045f2d482137b2dd906bf97ea7b7365f2d6c993373035219ef196

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\server-0.xkm
        Filesize

        11KB

        MD5

        3b4bc8671964e0494c9142363ec85f43

        SHA1

        4e273e983781bc82530b10fef8c8187d967477ba

        SHA256

        215ba1c65d720e1df3072e490e6aed1b0e4bbd0d03cf4d402fe7c4a6aaf1334b

        SHA512

        fcfb3395e01857d8f7dd2d9617168f8148bb9f6033e29801e7919e0223cc3a3ac568a34917d1ef14954b68d3a256f2f2757e41ec53ba6013cfdb7379b580857c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\xkb_a02956
        Filesize

        311B

        MD5

        ae6099b85cf164242d1e272553bb5795

        SHA1

        3b7f4f2ca49e77899891dfc91df29d71f330e749

        SHA256

        46d3af7295ff52ea426d3a72cc25c2a55ede1dbc8d8c9a977abc92842acdb181

        SHA512

        bbba9b168e2a2da5db348cb5dbb0291097b85ef63345d5a298b952fd33989ff080fa4725454ded319263463fd0b74bbfcc3345bf14bde0479944ab2fd71a09de

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\xkb_a02956
        Filesize

        343B

        MD5

        772dbf79a529ca1636dbf818bc2f1d2a

        SHA1

        4321a2e604a794a0f6f57570ae44fc2485868cac

        SHA256

        5a0e759b25e97915fe7380d76866dfd692d218faa7e9c6b10377fbcb688e4e55

        SHA512

        8800aed84f19f6fcc0acbcd08e6e9dee9d4b0ee344765369549187a3d5171559fbc234dcf5bbfac5ce27219b5b5b2e374e6b35c51c5cf3f87be2a5ba493efa43

        Download Submit