
Analysis

  • max time kernel
    158s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/10/2022, 09:28 UTC

General

  • Target

    052c95df0c6e6d43b851a4a95d72e6bff405e85d3cc12f03935dadbd1924660b.dll

  • Size

    77KB

  • MD5

    668f0873e5a15a6cbebf15f974c0a529

  • SHA1

    997bb67066b2e8ebf7cdcf0dfdec92306a318b47

  • SHA256

    052c95df0c6e6d43b851a4a95d72e6bff405e85d3cc12f03935dadbd1924660b

  • SHA512

    082b5d258b27d397e51bd493ea7540eb98af988fc285ecb192be4a4f6fd220d6413f4d828aaba4c5209deb842a5dfc0424db38bdca27b0d566aba426e900e879

  • SSDEEP

    1536:NAN0qdEsXpYB0MtPK3Hy2c8iVGtJwWh95GVoJGncxnm7Td4cPp:NW0qdPXpYVK3HfriAFX5Gakchm7Tycp

Score

  • 8/10
  • tag: upx

Malware Config

Signatures

  • UPX packed file (1 IoC)

    Detects executables packed with UPX or a modified build of the UPX open-source packer. Stock UPX is identified by its UPX0/UPX1 section names and "UPX!" marker; a modified build may rename the sections, which is why the verdict should be confirmed on the unpacked memory dump listed under Downloads rather than on the file alone.

  • Suspicious use of WriteProcessMemory (3 IoCs)

    Attributed to the 64-bit rundll32.exe (PID 2224) in the process tree below. This generic signature fires whenever one process writes into another, including a parent setting up the child it has just created, so on its own it is low-signal; the process tree is the better indicator here.
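
The evidence behind a "UPX packed file" verdict can be reproduced offline from the PE section table. The following is an added example (not tria.ge's signature logic and not code from the sample): it parses the section headers with only the standard library, reports UPX section names, the "UPX!" marker and high-entropy sections, and builds a constructed minimal PE to exercise itself. The file name in the usage line and the 7.0 bits/byte entropy threshold are assumptions.

```python
import math
import struct
import sys

COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def build_pe(section_names, section_payloads):
    """Build a minimal 32-bit PE (constructed test input, not the report's sample):
    DOS header, PE signature, COFF header, zeroed PE32 optional header, one
    section header per name, then the raw section data on 512-byte boundaries."""
    opt_hdr_size = 224
    headers_size = (64 + 4 + COFF_HEADER_SIZE + opt_hdr_size
                    + SECTION_HEADER_SIZE * len(section_names))
    first_raw = (headers_size + 0x1FF) & ~0x1FF
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)              # e_lfanew: PE header at offset 64
    coff = struct.pack("<IHHIIIHH", 0x4550, 0x14C, len(section_names),
                       0, 0, 0, opt_hdr_size, 0x2102)  # "PE\0\0", i386, ..., DLL flags
    table, body, va = b"", b"", 0x1000
    for name, payload in zip(section_names, section_payloads):
        raw_size = (len(payload) + 0x1FF) & ~0x1FF
        table += struct.pack("<8sIIIIIIHHI", name, len(payload), va, raw_size,
                             first_raw + len(body), 0, 0, 0, 0, 0x60000020)
        body += payload.ljust(raw_size, b"\0")
        va += max((raw_size + 0xFFF) & ~0xFFF, 0x1000)
    image = bytes(dos) + coff + bytes(opt_hdr_size) + table
    return image.ljust(first_raw, b"\0") + body


def parse_sections(data):
    """Return [(name, raw_offset, raw_size)] from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 4 + COFF_HEADER_SIZE + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        sections.append((name.rstrip(b"\0").decode("latin-1"), raw_ptr, raw_size))
    return sections


def entropy(buf):
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data):
    """Collect the evidence a packer signature would rely on. Stock UPX names its
    sections UPX0/UPX1/UPX2 and leaves a 'UPX!' marker; a modified UPX may rename
    them, so high-entropy sections are reported as a weaker, secondary indicator."""
    sections = parse_sections(data)
    return {
        "upx_section_names": [n for n, _, _ in sections if n.upper().startswith("UPX")],
        "upx_marker": b"UPX!" in data,
        "high_entropy_sections": [n for n, off, size in sections
                                  if size and entropy(data[off:off + size]) > 7.0],
    }


def is_upx_packed(data):
    """Strong verdict only: UPX section names or the UPX! marker."""
    ind = upx_indicators(data)
    return bool(ind["upx_section_names"]) or ind["upx_marker"]


if __name__ == "__main__":
    # Usage: python upx_check.py <sample.dll>   (script and file names are assumptions)
    with open(sys.argv[1], "rb") as fh:
        sample = fh.read()
    print(upx_indicators(sample))
    print("UPX packed" if is_upx_packed(sample) else "no strong UPX evidence")
```

High entropy alone is not a packer verdict: compressed resources, embedded certificates or encrypted configuration produce the same reading, which is why it is kept out of `is_upx_packed` and reported separately.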

Processes

  • C:\Windows\system32\rundll32.exe (PID 2224)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\052c95df0c6e6d43b851a4a95d72e6bff405e85d3cc12f03935dadbd1924660b.dll,#1
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (PID 396, child of 2224)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\052c95df0c6e6d43b851a4a95d72e6bff405e85d3cc12f03935dadbd1924660b.dll,#1

  The SysWOW64 re-launch shows the sample is a 32-bit DLL: the 64-bit rundll32.exe cannot load it, so it starts the 32-bit rundll32.exe from SysWOW64 with the same command line. The DLL is loaded from the user's Temp directory and invoked by ordinal (#1) rather than by a named export; its code actually runs in PID 396, which is the process the memory dump under Downloads was taken from.
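
The process tree above is the kind of parent/child pattern a detection engineer would turn into a rule. Below is an added example (not tria.ge's signature, not code from the sample): it parses rundll32 command lines, flags a DLL loaded from a user-writable directory or called by ordinal, and recognises the 64-bit rundll32 → SysWOW64 rundll32 re-launch by matching the parent's and child's parsed command line. The event records are constructed to mirror the report's tree in Sysmon Event ID 1 style; the third event, the PIDs 1000/800/5000 and the user-writable directory list are assumptions.

```python
import re

# Constructed process-creation events modelled on the report's process tree
# (fields in the style of Sysmon Event ID 1); not taken from a real log.
SAMPLE_CMD = (r"rundll32.exe C:\Users\Admin\AppData\Local\Temp"
              r"\052c95df0c6e6d43b851a4a95d72e6bff405e85d3cc12f03935dadbd1924660b.dll,#1")
EVENTS = [
    {"pid": 2224, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe", "cmd": SAMPLE_CMD},
    {"pid": 396, "ppid": 2224, "image": r"C:\Windows\SysWOW64\rundll32.exe", "cmd": SAMPLE_CMD},
    # Benign control: a named export from a system DLL (assumed event).
    {"pid": 5000, "ppid": 800, "image": r"C:\Windows\system32\rundll32.exe",
     "cmd": r"rundll32.exe shell32.dll,Control_RunDLL"},
]

# rundll32[.exe] [optional quotes] <dll path> , <export name or #ordinal>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>#?\w+)', re.I)

# Directories a standard user can write to (assumed list; extend for your estate).
USER_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|Users\\Public|ProgramData|Windows\\Temp)\\", re.I)


def parse_rundll32(cmdline):
    """Split a rundll32 command line into the DLL path and the entry point.
    Returns None when the command line is not a rundll32 invocation."""
    m = RUNDLL_RE.search(cmdline)
    if not m:
        return None
    entry = m.group("entry")
    ordinal = int(entry[1:]) if entry.startswith("#") and entry[1:].isdigit() else None
    return {"dll": m.group("dll"), "entry": entry, "ordinal": ordinal}


def analyse(events):
    """Return one finding per rundll32 process that matches at least one rule."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not e["image"].lower().endswith("\\rundll32.exe"):
            continue
        info = parse_rundll32(e["cmd"])
        if info is None:
            continue
        reasons = []
        if USER_WRITABLE.search(info["dll"]):
            reasons.append("DLL loaded from user-writable directory")
        if info["ordinal"] is not None:
            reasons.append(f"export called by ordinal #{info['ordinal']}")
        parent = by_pid.get(e["ppid"])
        # 64-bit rundll32 hands a 32-bit DLL to the SysWOW64 copy with the same arguments.
        if (parent is not None
                and parent["image"].lower().endswith("\\system32\\rundll32.exe")
                and "\\syswow64\\" in e["image"].lower()
                and parse_rundll32(parent["cmd"]) == info):
            reasons.append("32-bit DLL relaunched under WoW64 rundll32")
        if reasons:
            findings.append({"pid": e["pid"], "dll": info["dll"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyse(EVENTS):
        print(f"PID {f['pid']}: {f['dll']}")
        for r in f["reasons"]:
            print("   -", r)
```

Keyed on the parsed command line rather than the raw string, the WoW64 rule still matches when quoting or spacing differs between parent and child; the control event produces no finding, which is the false-positive check worth keeping in the rule's test set.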

Network

  DNS (resolver 8.8.8.8:53)

  • PTR 97.97.242.52.in-addr.arpa
    71 B sent, 145 B received, 1 request, 1 response (no name in the response)
  • PTR d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa
    118 B sent, 204 B received, 1 request, 1 response (no name in the response)

  Connections (remote address, bytes, count as reported)

  • 93.184.221.240:80    260 B    5
  • 209.197.3.8:80       322 B    7
  • 20.189.173.14:443    322 B    7
  • 93.184.221.240:80    322 B    7
  • 93.184.221.240:80    322 B    7


Downloads

  • memory/396-133-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize 56KB

    Memory dump of PID 396 (the SysWOW64 rundll32.exe) covering 0x10000000-0x1000E000. 0x10000000 is the default image base for 32-bit DLLs, so this region is the sample's in-memory image after UPX has unpacked it, and it is the artefact to use for static analysis rather than the packed 77 KB file.
