Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Release.zip

windows10-2004-x64

7

plugins/Chat.dll

windows10-2004-x64

1

plugins/Fi...er.dll

windows10-2004-x64

1

plugins/Fun.dll

windows10-2004-x64

1

plugins/Hvnc.dll

windows10-2004-x64

1

plugins/InfoGrab.dll

windows10-2004-x64

1

plugins/KeyLogger.dll

windows10-2004-x64

1

plugins/Ke...ne.dll

windows10-2004-x64

1

plugins/Li...ne.dll

windows10-2004-x64

1

plugins/Pr...er.dll

windows10-2004-x64

1

plugins/Re...er.dll

windows10-2004-x64

1

plugins/Re...xy.dll

windows10-2004-x64

1

plugins/Sc...ol.dll

windows10-2004-x64

1

plugins/Shell.dll

windows10-2004-x64

1

plugins/Startup.dll

windows10-2004-x64

1

plugins/Sy...er.dll

windows10-2004-x64

1

plugins/Uacbypass.dll

windows10-2004-x64

1

plugins/WebCam.dll

windows10-2004-x64

1

stub/xeno ...nt.exe

windows10-2004-x64

10

xeno rat server.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    1151s
  • max time network
    1141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2024, 19:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    plugins/Uacbypass.dll

  • Size

    18KB

  • MD5

    d1d9aef0ed8093ff1ed157bb4af3652c

  • SHA1

    f42c6258e2ade01d14fe4fce4d51cd0b05569417

  • SHA256

    7c67304b2c4911b9a394604d92e7dfd48286f6aee89c81ddd96c922ad67a0a65

  • SHA512

    eab2b498c602105a158d7e167ea0929efadd488328f0cdaf43f65a87430f333c5aae74473f4b4652a21107b3056aea7f3d472098a0fa2cae32d6f687a7ecde10

  • SSDEEP

    384:AeI8KomqLwYgwQ+wpGT1FpAZ4tpnt3sGXbbveqiMZ2eiEB487XK:PfE4jtc2bbvZQAB4oa

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\plugins\Uacbypass.dll,#1
    1⤵
      PID:2564

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN A
      100.71.76.122
    • flag-us
      DNS
      144.49.80.100.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      144.49.80.100.in-addr.arpa
      IN PTR
      Response
      144.49.80.100.in-addr.arpa
      IN A
      100.69.242.129
    • flag-us
      DNS
      50.67.93.100.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.67.93.100.in-addr.arpa
      IN PTR
      Response
      50.67.93.100.in-addr.arpa
      IN A
      100.73.245.145
    • flag-us
      DNS
      13.159.123.100.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.159.123.100.in-addr.arpa
      IN PTR
      Response
      13.159.123.100.in-addr.arpa
      IN A
      100.83.92.0
    • flag-us
      DNS
      183.147.117.100.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.147.117.100.in-addr.arpa
      IN PTR
      Response
      183.147.117.100.in-addr.arpa
      IN A
      100.81.147.119
    • flag-us
      DNS
      19.241.73.100.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.241.73.100.in-addr.arpa
      IN PTR
      Response
      19.241.73.100.in-addr.arpa
      IN A
      100.88.93.14
    • flag-us
      DNS
      24.34.90.100.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      24.34.90.100.in-addr.arpa
      IN PTR
      Response
      24.34.90.100.in-addr.arpa
      IN A
      100.98.145.252
    No results found
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       102 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Response

      100.71.76.122

    • 8.8.8.8:53
      144.49.80.100.in-addr.arpa
      dns
      72 B
       114 B
       1
      1

      DNS Request

      144.49.80.100.in-addr.arpa

      DNS Response

      100.69.242.129

    • 8.8.8.8:53
      50.67.93.100.in-addr.arpa
      dns
      71 B
       112 B
       1
      1

      DNS Request

      50.67.93.100.in-addr.arpa

      DNS Response

      100.73.245.145

    • 8.8.8.8:53
      13.159.123.100.in-addr.arpa
      dns
      73 B
       116 B
       1
      1

      DNS Request

      13.159.123.100.in-addr.arpa

      DNS Response

      100.83.92.0

    • 8.8.8.8:53
      183.147.117.100.in-addr.arpa
      dns
      74 B
       118 B
       1
      1

      DNS Request

      183.147.117.100.in-addr.arpa

      DNS Response

      100.81.147.119

    • 8.8.8.8:53
      19.241.73.100.in-addr.arpa
      dns
      72 B
       114 B
       1
      1

      DNS Request

      19.241.73.100.in-addr.arpa

      DNS Response

      100.88.93.14

    • 8.8.8.8:53
      24.34.90.100.in-addr.arpa
      dns
      71 B
       112 B
       1
      1

      DNS Request

      24.34.90.100.in-addr.arpa

      DNS Response

      100.98.145.252

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.