Analysis

  • max time kernel
    166s
  • max time network
    190s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/12/2022, 03:41 UTC

General

  • Target

    694b95319c984182dde3fbf907dd5eb897c8c34a6258df2e3e39abc41c6ed33a.dll

  • Size

    1.4MB

  • MD5

    5b85080e2d4a9ea46fd84f7aaa6e9f99

  • SHA1

    7f6ecb715405bd7c5f1fbf541f3af3baf434123c

  • SHA256

    694b95319c984182dde3fbf907dd5eb897c8c34a6258df2e3e39abc41c6ed33a

  • SHA512

    634b7e6fd932f4d5b11f133be6cd01d0dee8d279bfdec9165806c2e1d25bd65d4f7b2cdaac73a8c24bc1043e1970c85201b73d5c7468a0fe04948be07c1f0c69

  • SSDEEP

    24576:HRheT8MiAEsxbkQnkJNm6eA3oVVvfVXr01sVPvJJ:HR4TmAyJNmkQhrmQHH

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\694b95319c984182dde3fbf907dd5eb897c8c34a6258df2e3e39abc41c6ed33a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\694b95319c984182dde3fbf907dd5eb897c8c34a6258df2e3e39abc41c6ed33a.dll,#1
      2⤵
      • Drops file in System32 directory
      PID:3672
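The process tree above is the classic rundll32 WoW64 hand-off: the 64-bit rundll32 in System32 is given a 32-bit DLL (the resource tags list both arch:x64 and arch:x86) and re-executes the SysWOW64 copy with the same command line, and the DLL is invoked by ordinal (`,#1`) from the user's Temp directory rather than by export name from a system path. The following detection logic is an added example, not tria.ge code; it runs over constructed Sysmon-style process-creation records that mirror the two processes in this report plus one benign control. PIDs other than 1528 and 3672 are made up.

```python
"""Flag the rundll32 pattern from this report in Sysmon-style process records.
Added example; the EVENTS below are constructed, not the sandbox's own log."""
import re

# Constructed records modelled on Sysmon Event ID 1 (ppid 1000 and pid 4100 are hypothetical).
EVENTS = [
    {"pid": 1528, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\694b95319c984182dde3fbf907dd5eb897c8c34a6258df2e3e39abc41c6ed33a.dll,#1"},
    {"pid": 3672, "ppid": 1528, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\694b95319c984182dde3fbf907dd5eb897c8c34a6258df2e3e39abc41c6ed33a.dll,#1"},
    # Benign control: a system DLL called by export name from System32.
    {"pid": 4100, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL"},
]

# rundll32[.exe] <dll>,<entry>   (entry is an export name or an #ordinal)
RUNDLL_RE = re.compile(
    r'^\s*"?(?:.*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S+)', re.I)
# Directories a standard user can write to; a DLL loaded from here deserves a look.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\users\\public\\|\\programdata\\|\\windows\\temp\\", re.I)

X64_RUNDLL = r"c:\windows\system32\rundll32.exe"
X86_RUNDLL = r"c:\windows\syswow64\rundll32.exe"


def parse_rundll32(cmdline):
    """Return (dll_path, entry) from a rundll32 command line, or None."""
    m = RUNDLL_RE.match(cmdline)
    return (m.group("dll"), m.group("entry")) if m else None


def findings(events):
    """Return (pid, reason) tuples for rundll32 launches matching the report's pattern."""
    by_pid = {e["pid"]: e for e in events}
    out = []
    for e in events:
        if not e["image"].lower().endswith("\\rundll32.exe"):
            continue
        parsed = parse_rundll32(e["cmdline"])
        if parsed is None:
            continue
        dll, entry = parsed
        if USER_WRITABLE.search(dll):
            out.append((e["pid"], "dll loaded from user-writable path"))
        if entry.startswith("#"):
            out.append((e["pid"], "export called by ordinal"))
        # 64-bit rundll32 handed a 32-bit DLL re-executes the SysWOW64 copy
        # with an identical command line; that is exactly pid 3672 above.
        parent = by_pid.get(e["ppid"])
        if (parent is not None
                and parent["image"].lower() == X64_RUNDLL
                and e["image"].lower() == X86_RUNDLL
                and parse_rundll32(parent["cmdline"]) == parsed):
            out.append((e["pid"], "x64 rundll32 re-executed 32-bit copy for same DLL"))
    return out


if __name__ == "__main__":
    for pid, reason in findings(EVENTS):
        print(pid, reason)
```

The WoW64 re-exec on its own is not malicious (any 32-bit DLL triggers it); it is the combination with a Temp-directory DLL and an ordinal entry point that makes both PIDs here worth escalating, while the shell32.dll control produces no finding.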

Network

  • DNS via 8.8.8.8:53
    Request:  96.108.152.52.in-addr.arpa IN PTR
    Response: (no answer records shown)
  • DNS via 8.8.8.8:53
    Request:  d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa IN PTR
    Response: (no answer records shown)

  Connections (bytes and packets sent by the sandbox / received from the remote host):

    Address               Sent    Received  Tx pkts  Rx pkts  Note
    93.184.221.240:80     322 B             7
    93.184.221.240:80     260 B             5
    93.184.221.240:80     46 B    40 B      1        1
    40.74.98.195:443      322 B             7
    104.80.225.205:443    322 B             7
    93.184.221.240:80     322 B             7
    93.184.221.240:80     322 B             7
    93.184.221.240:80     322 B             7
    52.242.97.97:443      260 B             5
    8.8.8.8:53            72 B    146 B     1        1        dns: 96.108.152.52.in-addr.arpa
    8.8.8.8:53            118 B   204 B     1        1        dns: d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa
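Two things in the network section are worth pulling out during triage: the two PTR lookups encode addresses that the sandbox itself contacted or was told about, and most of the outbound flows show bytes sent with nothing received. The helper below is an added example, not part of tria.ge; it decodes in-addr.arpa and ip6.arpa owner names back to addresses and lists the endpoints that never answered. The flow rows are copied from the table above (address, bytes sent, bytes received, packets sent, packets received).

```python
"""Decode reverse-DNS names and find silent endpoints in a tria.ge-style flow list.
Added example; FLOWS is transcribed from this report, the code is not tria.ge's."""
import ipaddress


def ptr_to_address(name):
    """Convert an in-addr.arpa or ip6.arpa owner name to an ipaddress object.

    in-addr.arpa carries the IPv4 octets reversed; ip6.arpa carries all 32
    nibbles of the IPv6 address, one per label, least-significant first.
    """
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]
        if len(octets) != 4:
            raise ValueError(f"expected 4 octet labels, got {len(octets)}: {name}")
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            raise ValueError(f"expected 32 single-nibble labels: {name}")
        hexstr = "".join(reversed(nibbles))
        groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
        return ipaddress.IPv6Address(":".join(groups))
    raise ValueError(f"not a reverse-DNS name: {name}")


# (address, bytes sent, bytes received, packets sent, packets received), from the report.
FLOWS = [
    ("93.184.221.240:80", 322, 0, 7, 0),
    ("93.184.221.240:80", 260, 0, 5, 0),
    ("93.184.221.240:80", 46, 40, 1, 1),
    ("40.74.98.195:443", 322, 0, 7, 0),
    ("104.80.225.205:443", 322, 0, 7, 0),
    ("93.184.221.240:80", 322, 0, 7, 0),
    ("93.184.221.240:80", 322, 0, 7, 0),
    ("93.184.221.240:80", 322, 0, 7, 0),
    ("52.242.97.97:443", 260, 0, 5, 0),
    ("8.8.8.8:53", 72, 146, 1, 1),
    ("8.8.8.8:53", 118, 204, 1, 1),
]


def silent_endpoints(flows):
    """Addresses the sandbox sent traffic to that never returned a single byte."""
    totals = {}
    for addr, tx_bytes, rx_bytes, _tx_pkts, _rx_pkts in flows:
        sent, received = totals.get(addr, (0, 0))
        totals[addr] = (sent + tx_bytes, received + rx_bytes)
    return sorted(addr for addr, (sent, received) in totals.items() if sent and not received)


if __name__ == "__main__":
    for ptr in ("96.108.152.52.in-addr.arpa",
                "d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa"):
        print(ptr, "->", ptr_to_address(ptr))
    print("silent:", silent_endpoints(FLOWS))
```

Repeated same-size sends with zero bytes back (322 B over 7 packets, 260 B over 5) are what TCP connection attempts that never complete look like in a flow summary; whether the silence is a sinkholed C2, a dead host or simply a sandbox egress restriction cannot be decided from this table alone, so the decoded addresses should be checked against the guest's normal background traffic before being treated as indicators.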
