Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Release.zip

windows10-ltsc 2021-x64

10

plugins/Chat.dll

windows10-ltsc 2021-x64

1

plugins/Fi...er.dll

windows10-ltsc 2021-x64

1

plugins/Fun.dll

windows10-ltsc 2021-x64

1

plugins/Hvnc.dll

windows10-ltsc 2021-x64

1

plugins/InfoGrab.dll

windows10-ltsc 2021-x64

1

plugins/KeyLogger.dll

windows10-ltsc 2021-x64

1

plugins/Ke...ne.dll

windows10-ltsc 2021-x64

1

plugins/Li...ne.dll

windows10-ltsc 2021-x64

1

plugins/Pr...er.dll

windows10-ltsc 2021-x64

1

plugins/Re...er.dll

windows10-ltsc 2021-x64

1

plugins/Re...xy.dll

windows10-ltsc 2021-x64

1

plugins/Sc...ol.dll

windows10-ltsc 2021-x64

1

plugins/Shell.dll

windows10-ltsc 2021-x64

1

plugins/Startup.dll

windows10-ltsc 2021-x64

1

plugins/Sy...er.dll

windows10-ltsc 2021-x64

1

plugins/Uacbypass.dll

windows10-ltsc 2021-x64

1

plugins/WebCam.dll

windows10-ltsc 2021-x64

1

stub/xeno ...nt.exe

windows10-ltsc 2021-x64

10

xeno rat server.exe

windows10-ltsc 2021-x64

3

Analysis

  • max time kernel
    98s
  • max time network
    140s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    19/12/2024, 19:16 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    plugins/ProcessManager.dll

  • Size

    17KB

  • MD5

    4dac21b4f2984931b9710ca50329023a

  • SHA1

    e92c1284f58e2cf339340ff5496f94f9183f127c

  • SHA256

    8bca46a92123f0435b98174d0d1182016811905c7cae6199176d1d3e94605e67

  • SHA512

    36b9c7c23ebf21fc6523ca309d49966c06eba488cb7ba807f496c9effaff7e31ed8e166cab8392352b7efea3dac748af69c5de0b5cf9275fbc0616c0a75af1a9

  • SSDEEP

    384:GOQdVyeIdKbl512kg3EHEeGdhCaXJbuLUSJZAnVb:GXIeIdKbsEZaZyw

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\plugins\ProcessManager.dll,#1
    1⤵
      PID:2192

    Network

    • flag-us
      DNS
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.210.23.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.210.23.2.in-addr.arpa
      IN PTR
      Response
      88.210.23.2.in-addr.arpa
      IN PTR
      a2-23-210-88deploystaticakamaitechnologiescom
    • flag-us
      DNS
      17.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      17.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.150.49.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.150.49.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      fd.api.iris.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      fd.api.iris.microsoft.com
      IN A
      Response
      fd.api.iris.microsoft.com
      IN CNAME
      fd-api-iris.trafficmanager.net
      fd-api-iris.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
      iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
      IN A
      20.223.35.26
    • flag-ie
      GET
      https://fd.api.iris.microsoft.com/v4/api/selection?&asid=719ADFC40728472198ECB312BC3EAFCC&nct=1&placement=88000677&bcnt=30&country=US&locale=en-US&poptin=0&fmt=json&clr=cdmlite&arch=AMD64&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19044.4529&dinst=1733929115&dmret=0&drgng=244&flightbranch=&flightring=Retail&localid=w%3A75DBBE49-1462-4A71-00DB-721CFF439F3C&osbranch=vb_release&oslocale=en-US&osret=1&ossku=EnterpriseS&osskuid=125&prccn=2&prccs=4192&prcmf=AuthenticAMD&procm=Intel%20Core%20Processor%20%28Broadwell%29&ram=4095&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=14.7&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=241361&frdsk=20479&lo=11777&tsu=11777
      Remote address:
      20.223.35.26:443
      Request
      GET /v4/api/selection?&asid=719ADFC40728472198ECB312BC3EAFCC&nct=1&placement=88000677&bcnt=30&country=US&locale=en-US&poptin=0&fmt=json&clr=cdmlite&arch=AMD64&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19044.4529&dinst=1733929115&dmret=0&drgng=244&flightbranch=&flightring=Retail&localid=w%3A75DBBE49-1462-4A71-00DB-721CFF439F3C&osbranch=vb_release&oslocale=en-US&osret=1&ossku=EnterpriseS&osskuid=125&prccn=2&prccs=4192&prcmf=AuthenticAMD&procm=Intel%20Core%20Processor%20%28Broadwell%29&ram=4095&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=14.7&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=241361&frdsk=20479&lo=11777&tsu=11777 HTTP/2.0
      host: fd.api.iris.microsoft.com
      accept-encoding: gzip, deflate
      x-sdk-hw-token: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAY7FnBz71goMDfiGKomxP7MT/rPZKZHFsBMlut8IdxuvcZUprIXxC4Y37bkUuvJ26mQbXoCsjBqJAoJWEZMeHwxLZv3SllEMspGZ68keJCQoIHaqPKgVApBOxTYlpglO6u93ikp6CyEBVA9Kply08n3f3muI6luLnKjA2aUNoZ29/5x9UpEFrs44wDwO8ICcbrKAoiGmG05lEd7O6dj5YTuQoVG/OEN/hgdG6cG2dvSOsIgfyoshpoV4GHJWPI3N+yBN5QmsWQ17acCxLqWuHBL4IqSo1C5RLiSVhRsp1aAWOyRurtVXK+cbEtLC2SddNY/CqG+wH0yS7IAW6qw6OpcQZgAAEKSTJWL5OXw6i++wrPgaPr+wAeuMmePKiPpdR/qFju6b6HAFMkSkVslnEYy9c7ZETRWcFluh2zV2GqNXQkYDeYBTULVHHXSvkU7QBXolxLT80HAI5pyFCv2YsuL98/2O9pl3RZuHx3yYKHxwvMDGo3KI4HByWTW8M22kYNnGzAfFZ0XKeRPuGzU+Y/qeJjheGdmTfJPVwsoOEFW+smKyTrp+lDTx6ob6aqD/VJDvFGVzD/tlatUtMN7vQxLgrcY+CuGg4qNSXYvS525MlNv8HDnjmmD68gI1OTryiE27rDVkyl9dgN3qQd0Xx8Nr18K5dajPWeZpf4GGU8rV9KjvwCGmi8ybDyLQAuZDxS/B3KiBe8JH5tcsu65IhhC7j0BVmDq3pDjgcyiuLCB7TDHFJKbQk3WX9WZ1U0Q7hYeC2xtq3KEPW1UnEOZBgTE3fWynBIWAIQ/YxolIGSYQb8QbPJCqbPhVTghKjl3zW9gf1aZfo/ilhLaQUI5ud6VCbl5KTGVNaHIiRvDU1QCUQaT0VDOIoPjsGpShNFlCwa33uoUWWsLbd4E7wYJVVs76xnlvV3HzNGL2HA7IidgPjQrvy9AuBdoB&p=
      Response
      HTTP/2.0 200
      cache-control: no-store, no-cache
      pragma: no-cache
      content-length: 131
      content-type: application/json; charset=utf-8
      expires: Mon, 01 Jan 0001 00:00:00 GMT
      server: Microsoft-IIS/10.0
      arc-rsp-dbg: [{"DcoPlusDebug":"Status: Ok"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}]
      accept-ch: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version
      x-aspnet-version: 4.0.30319
      x-powered-by: ASP.NET
      strict-transport-security: max-age=31536000; includeSubDomains
      date: Thu, 19 Dec 2024 19:17:23 GMT
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      181.129.81.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      181.129.81.91.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      19.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.229.111.52.in-addr.arpa
      IN PTR
      Response
    • 20.223.35.26:443
      https://fd.api.iris.microsoft.com/v4/api/selection?&asid=719ADFC40728472198ECB312BC3EAFCC&nct=1&placement=88000677&bcnt=30&country=US&locale=en-US&poptin=0&fmt=json&clr=cdmlite&arch=AMD64&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19044.4529&dinst=1733929115&dmret=0&drgng=244&flightbranch=&flightring=Retail&localid=w%3A75DBBE49-1462-4A71-00DB-721CFF439F3C&osbranch=vb_release&oslocale=en-US&osret=1&ossku=EnterpriseS&osskuid=125&prccn=2&prccs=4192&prcmf=AuthenticAMD&procm=Intel%20Core%20Processor%20%28Broadwell%29&ram=4095&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=14.7&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=241361&frdsk=20479&lo=11777&tsu=11777
      tls, http2
      2.7kB
       7.4kB
       19
      12

      HTTP Request

      GET https://fd.api.iris.microsoft.com/v4/api/selection?&asid=719ADFC40728472198ECB312BC3EAFCC&nct=1&placement=88000677&bcnt=30&country=US&locale=en-US&poptin=0&fmt=json&clr=cdmlite&arch=AMD64&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19044.4529&dinst=1733929115&dmret=0&drgng=244&flightbranch=&flightring=Retail&localid=w%3A75DBBE49-1462-4A71-00DB-721CFF439F3C&osbranch=vb_release&oslocale=en-US&osret=1&ossku=EnterpriseS&osskuid=125&prccn=2&prccs=4192&prcmf=AuthenticAMD&procm=Intel%20Core%20Processor%20%28Broadwell%29&ram=4095&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=14.7&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=241361&frdsk=20479&lo=11777&tsu=11777

      HTTP Response

      200
    • 8.8.8.8:53
      133.211.185.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      133.211.185.52.in-addr.arpa

    • 8.8.8.8:53
      88.210.23.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      88.210.23.2.in-addr.arpa

    • 8.8.8.8:53
      17.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      17.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      241.150.49.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.150.49.20.in-addr.arpa

    • 8.8.8.8:53
      fd.api.iris.microsoft.com
      dns
      71 B
       197 B
       1
      1

      DNS Request

      fd.api.iris.microsoft.com

      DNS Response

      20.223.35.26

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      181.129.81.91.in-addr.arpa
      dns
      72 B
       147 B
       1
      1

      DNS Request

      181.129.81.91.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      19.229.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      19.229.111.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.