Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
165s -
max time network
187s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
11/10/2022, 22:41 UTC
General
-
Target
6f85c3940eb2708c298bd174cdd10de05533f1f413119dd0c1a5d6273dc50c27.dll
-
Size
332KB
-
MD5
6eb533a1ec4dda90696c85a8a5fca50f
-
SHA1
07435b8a8014ce0eadc91021a0e149687292bf79
-
SHA256
6f85c3940eb2708c298bd174cdd10de05533f1f413119dd0c1a5d6273dc50c27
-
SHA512
fc6365c9e08c0c1d1ed0c15ea0d36b8e53ae14a5dddd4eb521b64e95455d33bb9924be592b2e9f33d96ad66096eb007b5e732fd97c94ee47eaef59c2213c8d39
-
SSDEEP
6144:vv8PUMn9u7tVwzthzLw1I/u1tHxgIh5nQCrOOOkoH:McM9u7za5U1Im3pHQCaOOfH
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6f85c3940eb2708c298bd174cdd10de05533f1f413119dd0c1a5d6273dc50c27.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6f85c3940eb2708c298bd174cdd10de05533f1f413119dd0c1a5d6273dc50c27.dll,#12⤵
-
Network
-
DNS97.97.242.52.in-addr.arpaRemote address:8.8.8.8:53Request97.97.242.52.in-addr.arpaIN PTRResponse -
DNSf.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpaRemote address:8.8.8.8:53Requestf.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpaIN PTRResponse
-
95.101.78.106:80 -
95.101.78.106:80
-
93.184.221.240:80
-
40.77.2.164:443
-
51.116.253.168:443 -
93.184.221.240:80
-
93.184.221.240:80
-
93.184.220.29:80
-
8.8.8.8:5397.97.242.52.in-addr.arpadns
DNS Request
97.97.242.52.in-addr.arpa
-
8.8.8.8:53f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpadns
DNS Request
f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB