Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Rdp Cracking tool.zip

windows7-x64

10

Rdp Cracking tool.zip

windows10-2004-x64

1

Rdp Cracki...g1.exe

windows7-x64

3

Rdp Cracki...g1.exe

windows10-2004-x64

3

Rdp Cracki...or.exe

windows7-x64

10

Rdp Cracki...or.exe

windows10-2004-x64

10

Rdp Cracki...e4.dll

windows7-x64

3

Rdp Cracki...e4.dll

windows10-2004-x64

3

Rdp Cracki...i4.dll

windows7-x64

3

Rdp Cracki...i4.dll

windows10-2004-x64

3

Rdp Cracki...k4.dll

windows7-x64

3

Rdp Cracki...k4.dll

windows10-2004-x64

3

Rdp Cracki...ts.txt

windows7-x64

1

Rdp Cracki...ts.txt

windows10-2004-x64

1

Rdp Cracki...ng.cfg

windows7-x64

1

Rdp Cracki...ng.cfg

windows10-2004-x64

1

Rdp Cracki...g1.jpg

windows7-x64

1

Rdp Cracki...g1.jpg

windows10-2004-x64

1

Rdp Cracki...g1.jpg

windows7-x64

1

Rdp Cracki...g1.jpg

windows10-2004-x64

1

Rdp Cracki...g1.exe

windows7-x64

9

Rdp Cracki...g1.exe

windows10-2004-x64

9

Rdp Cracki...or.exe

windows7-x64

10

Rdp Cracki...or.exe

windows10-2004-x64

10

Rdp Cracki...Me.txt

windows7-x64

1

Rdp Cracki...Me.txt

windows10-2004-x64

1

Rdp Cracki...ls.txt

windows7-x64

1

Rdp Cracki...ls.txt

windows10-2004-x64

1

Rdp Cracki...od.txt

windows7-x64

1

Rdp Cracki...od.txt

windows10-2004-x64

1

Rdp Cracki...rs.txt

windows7-x64

1

Rdp Cracki...rs.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    361s
  • max time network
    362s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23/01/2025, 20:19 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rdp Cracking tool @ virusbug1/KPortScan 3.0 @virusbug1/KPortScan3 @virusbug1.exe

  • Size

    191KB

  • MD5

    47e24bb0723a41606259b71c34b2e5e2

  • SHA1

    dec3e4e1509d293058848d53af25b0cfba804cdd

  • SHA256

    476c5a362a758bca9ac441b673cd0777982ea3a6ca13b4299c3ff15c780262a4

  • SHA512

    a125b431e2add3e74eb58d3abe26063ab8d846e625c144ecee6dc1ef599b1dd783ef5757c9dfa37e446210649b6426575333b4607db523ad7bd556fc60ef7d96

  • SSDEEP

    3072:FwYXnaz7fOTkQTwokTqLIOt6r+9dEPlUIbrMOFTfM0OZhEt3hjOrX7a0K2gY7fq2:y+naz7OTkNPTqLIOt6r+9dEPlUIbrMOE

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Rdp Cracking tool @ virusbug1\KPortScan 3.0 @virusbug1\KPortScan3 @virusbug1.exe
    "C:\Users\Admin\AppData\Local\Temp\Rdp Cracking tool @ virusbug1\KPortScan 3.0 @virusbug1\KPortScan3 @virusbug1.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2616

Network

  • flag-us
    DNS
    www.proxysecurity.com
    KPortScan3 @virusbug1.exe
    Remote address:
    8.8.8.8:53
    Request
    www.proxysecurity.com
    IN A
    Response
    www.proxysecurity.com
    IN A
    96.126.123.244
    www.proxysecurity.com
    IN A
    45.33.23.183
    www.proxysecurity.com
    IN A
    45.33.18.44
    www.proxysecurity.com
    IN A
    45.33.2.79
    www.proxysecurity.com
    IN A
    45.56.79.23
    www.proxysecurity.com
    IN A
    45.33.20.235
    www.proxysecurity.com
    IN A
    45.79.19.196
    www.proxysecurity.com
    IN A
    72.14.178.174
    www.proxysecurity.com
    IN A
    173.255.194.134
    www.proxysecurity.com
    IN A
    72.14.185.43
    www.proxysecurity.com
    IN A
    198.58.118.167
    www.proxysecurity.com
    IN A
    45.33.30.197
  • flag-us
    GET
    http://www.proxysecurity.com/ip-address-range.php?country=
    KPortScan3 @virusbug1.exe
    Remote address:
    96.126.123.244:80
    Request
    GET /ip-address-range.php?country= HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Accept-Language: en-US,*
    User-Agent: Mozilla/5.0
    Host: www.proxysecurity.com
    Response
    HTTP/1.1 403 Forbidden
    server: openresty/1.13.6.1
    date: Thu, 23 Jan 2025 20:20:09 GMT
    content-type: text/html
    content-length: 175
    x-fail-reason: Bad Actor
    connection: close
  • flag-us
    GET
    http://www.proxysecurity.com/ip-address-range.php?country=AFGHANISTAN
    KPortScan3 @virusbug1.exe
    Remote address:
    96.126.123.244:80
    Request
    GET /ip-address-range.php?country=AFGHANISTAN HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Accept-Language: en-US,*
    User-Agent: Mozilla/5.0
    Host: www.proxysecurity.com
    Response
    HTTP/1.1 403 Forbidden
    server: openresty/1.13.6.1
    date: Thu, 23 Jan 2025 20:20:20 GMT
    content-type: text/html
    content-length: 175
    x-fail-reason: Bad Actor
    connection: close
  • 96.126.123.244:80
    http://www.proxysecurity.com/ip-address-range.php?country=
    http
    KPortScan3 @virusbug1.exe
    404 B
     529 B
     5
    4

    HTTP Request

    GET http://www.proxysecurity.com/ip-address-range.php?country=

    HTTP Response

    403
  • 96.126.123.244:80
    http://www.proxysecurity.com/ip-address-range.php?country=AFGHANISTAN
    http
    KPortScan3 @virusbug1.exe
    415 B
     529 B
     5
    4

    HTTP Request

    GET http://www.proxysecurity.com/ip-address-range.php?country=AFGHANISTAN

    HTTP Response

    403
  • 8.8.8.8:53
    www.proxysecurity.com
    dns
    KPortScan3 @virusbug1.exe
    67 B
     259 B
     1
    1

    DNS Request

    www.proxysecurity.com

    DNS Response

    96.126.123.244
    45.33.23.183
    45.33.18.44
    45.33.2.79
    45.56.79.23
    45.33.20.235
    45.79.19.196
    72.14.178.174
    173.255.194.134
    72.14.185.43
    198.58.118.167
    45.33.30.197

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.