Analysis

  • max time kernel
    184s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/11/2022, 22:31 UTC

General

  • Target

    72213502be1cd5438425362f8436abb606a65c97353470583bc05730b0ccb6f9.dll

  • Size

    108KB

  • MD5

    4535afc7c41da7344957fb17d2ff00f7

  • SHA1

    63a5f9d467006d68db5f9d16a8198711b8a12944

  • SHA256

    72213502be1cd5438425362f8436abb606a65c97353470583bc05730b0ccb6f9

  • SHA512

    d9eeb3a8c1bfb13c8ceb487cf5b22b6fe469d29660bad991e2367898c82452e11cb839c072260138eeb6d7ee842af6d1c8be5531830ff958815aa38f5d9a7a6e

  • SSDEEP

    3072:PXRdhEKHgnmiUbnoiYdMJdLiPKAS+xY+8/:PfhEKHkFRoAS9+8/

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\72213502be1cd5438425362f8436abb606a65c97353470583bc05730b0ccb6f9.dll,#1
    (depth 1)
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\72213502be1cd5438425362f8436abb606a65c97353470583bc05730b0ccb6f9.dll,#1
      (depth 2)
      PID:1504
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 616
        (depth 3)
        • Program crash
        PID:3960
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1504 -ip 1504
    (depth 1)
    PID:1360

Network

  • DNS (flag-unknown)
    Remote address: 8.8.8.8:53
    Request: 97.97.242.52.in-addr.arpa IN PTR
    Response:
  • DNS (flag-unknown)
    Remote address: 8.8.8.8:53
    Request: 176.122.125.40.in-addr.arpa IN PTR
    Response:
  • 52.182.143.208:443
    322 B, 7
  • 87.248.202.1:80
    322 B, 7
  • 87.248.202.1:80
    322 B, 7
  • 87.248.202.1:80
    322 B, 7
  • 8.8.8.8:53 (dns)
    97.97.242.52.in-addr.arpa
    71 B sent, 145 B received, 1 request, 1 response
    DNS Request: 97.97.242.52.in-addr.arpa
  • 8.8.8.8:53 (dns)
    176.122.125.40.in-addr.arpa
    73 B sent, 159 B received, 1 request, 1 response
    DNS Request: 176.122.125.40.in-addr.arpa

MITRE ATT&CK Matrix


Downloads
