Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
138s -
max time network
182s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
29/11/2022, 08:22 UTC
General
-
Target
66bbf517ac4ce8a6ee4a3dd3d1a8e61aa59d0eeef4fc59887c3090c7d074d397.dll
-
Size
588KB
-
MD5
f19fb3d53a2065fc61af37e59b9e13e8
-
SHA1
88de58b04f4f05bf5dff7c96fe08916a2bad2b61
-
SHA256
66bbf517ac4ce8a6ee4a3dd3d1a8e61aa59d0eeef4fc59887c3090c7d074d397
-
SHA512
47c51d8a2c2f8981d1ebbf2775164c10819e129aae41d6c0efac8048a8a2dadd89445927c8711abbb2fd67c32f6b07db1170dc48b7ff336131d1dd7b4c9a0da4
-
SSDEEP
1536:6GkmYRQcowbqwI81hDTlBSaDzdlK+hiKbZXwBOBkH+6oHLdAVNsU6:KmYRsanP1hrSaDzDZXk0k+6oHLdWGU6
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\66bbf517ac4ce8a6ee4a3dd3d1a8e61aa59d0eeef4fc59887c3090c7d074d397.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\66bbf517ac4ce8a6ee4a3dd3d1a8e61aa59d0eeef4fc59887c3090c7d074d397.dll2⤵
-
Network
-
DNS164.2.77.40.in-addr.arpaRemote address:8.8.8.8:53Request164.2.77.40.in-addr.arpaIN PTRResponse -
DNS106.89.54.20.in-addr.arpaRemote address:8.8.8.8:53Request106.89.54.20.in-addr.arpaIN PTRResponse
-
72.21.81.240:80
-
72.21.81.240:80
-
8.253.208.121:80
-
8.238.20.126:80
-
104.80.225.205:443
-
52.152.108.96:443
-
40.126.31.69:443
-
40.126.31.69:443
-
20.190.159.68:443
-
8.8.8.8:53164.2.77.40.in-addr.arpadns
DNS Request
164.2.77.40.in-addr.arpa
-
8.8.8.8:53106.89.54.20.in-addr.arpadns
DNS Request
106.89.54.20.in-addr.arpa