Analysis

  • max time kernel
    95s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/10/2022, 13:24 UTC

General

  • Target

    120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6.dll

  • Size

    3KB

  • MD5

    a1343bef79835d35031f88c5bb6a4830

  • SHA1

    042470cab03f69792059a641e69098fba9f35ad7

  • SHA256

    120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6

  • SHA512

    01ea41e127b115d2e26f83d91eaab2f7d6c06981fdde4aaf2a37197bdfe8a3db169df0024dffd0455299cb784e6be06ee3154191f0ca93854cb40076f2b969ae

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe (PID 4568, depth 1)
    Command: rundll32.exe C:\Users\Admin\AppData\Local\Temp\120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6.dll,#1
    Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (PID 4444, depth 2, child of the process above)
      Command: rundll32.exe C:\Users\Admin\AppData\Local\Temp\120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6.dll,#1

    Network

    • DNS (flag: US): 15.89.54.20.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 15.89.54.20.in-addr.arpa IN PTR
      Response: (empty)
    • DNS (flag: US): 106.89.54.20.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 106.89.54.20.in-addr.arpa IN PTR
      Response: (empty)
    • DNS (flag: US): a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa
      Remote address: 8.8.8.8:53
      Request: a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa IN PTR
      Response: (empty)
    • 93.184.220.29:80
      322 B / 7
    • 93.184.221.240:80
      322 B / 7
    • 8.8.8.8:53 (15.89.54.20.in-addr.arpa, dns)
      70 B / 156 B / 1 / 1
      DNS Request: 15.89.54.20.in-addr.arpa
    • 8.8.8.8:53 (106.89.54.20.in-addr.arpa, dns)
      71 B / 157 B / 1 / 1
      DNS Request: 106.89.54.20.in-addr.arpa
    • 8.8.8.8:53 (a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, dns)
      118 B / 204 B / 1 / 1
      DNS Request: a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa

    MITRE ATT&CK Matrix
