Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

04335744fe...2a.dll

windows7-x64

8

04335744fe...2a.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    131s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 14:22 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04335744fe077e3a8268fa9cb947b8659a30e8da304705a072dddcb28e10cb2a.dll

  • Size

    391KB

  • MD5

    b267e7599b81711b1cde404810401a80

  • SHA1

    10ad16db0b67fd05b8d149c50aa497df7a4f94fc

  • SHA256

    04335744fe077e3a8268fa9cb947b8659a30e8da304705a072dddcb28e10cb2a

  • SHA512

    4f30ffd75f5596342a3eb44321fec6d2bd4d08b09537070a6d6ed983ed4c8d7a11792a452a6a8b21cb43b505fe2231b04aea4fb7f20074f7dc8436d1e1c63c4d

  • SSDEEP

    6144:RhqWkFqGNXYfwiGsj8VNA75eyVYAp5yi:RhqWkFHtbgey8

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\04335744fe077e3a8268fa9cb947b8659a30e8da304705a072dddcb28e10cb2a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4800
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\04335744fe077e3a8268fa9cb947b8659a30e8da304705a072dddcb28e10cb2a.dll,#1
      2⤵
        PID:1580

    Network

    • flag-unknown
      DNS
      226.101.242.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      226.101.242.52.in-addr.arpa
      IN PTR
      Response
    • flag-unknown
      DNS
      0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
      IN PTR
      Response
    • 93.184.221.240:80
      260 B
       5
    • 93.184.221.240:80
      260 B
       5
    • 20.223.24.244:443
      52 B
       1
    • 40.126.31.71:443
      260 B
       5
    • 93.184.221.240:80
      260 B
       5
    • 20.190.159.0:443
      260 B
       5
    • 13.69.239.72:443
      322 B
       7
    • 93.184.221.240:80
      260 B
       5
    • 93.184.220.29:80
      322 B
       7
    • 93.184.220.29:80
      322 B
       7
    • 93.184.220.29:80
      322 B
       7
    • 40.126.31.67:443
      260 B
       5
    • 93.184.221.240:80
      322 B
       7
    • 20.190.159.4:443
      260 B
       5
    • 104.80.225.205:443
      322 B
       7
    • 93.184.220.29:80
      260 B
       5
    • 93.184.220.29:80
      260 B
       5
    • 93.184.221.240:80
      260 B
       5
    • 8.8.8.8:53
      226.101.242.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      226.101.242.52.in-addr.arpa

    • 8.8.8.8:53
      0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
      dns
      118 B
       204 B
       1
      1

      DNS Request

      0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1580-133-0x0000000010000000-0x0000000010064000-memory.dmp

      Filesize

      400KB

      Download

    • memory/1580-134-0x00000000007C0000-0x00000000007C3000-memory.dmp

      Filesize

      12KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.