Analysis

  • max time kernel
    191s
  • max time network
    230s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/12/2022, 16:58 UTC

General

  • Target

    d82f9553b05c9c57e43ccfebf1dfbc5f68bdd47432da7eea8bf775a278f13744.dll

  • Size

    588KB

  • MD5

    02a730cf2ff599d69e9df4d842457780

  • SHA1

    27acd4940ab32b4e72e6433efd3c3470141739b8

  • SHA256

    d82f9553b05c9c57e43ccfebf1dfbc5f68bdd47432da7eea8bf775a278f13744

  • SHA512

    7caeb8f96c92aae454127ab6ce3d98b0392b21c6cc071de362cb62826451276d1083e3e11d025d0575b312998c7eabb29d38c1e536e9421d801600faa2a36548

  • SSDEEP

    12288:kET3hqDhHa0aGvI+7HlqaZbdUC9dDaupHptLb1Oc8om:kE1BGvI+TM4dd9dDaKb1p

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 30 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d82f9553b05c9c57e43ccfebf1dfbc5f68bdd47432da7eea8bf775a278f13744.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4972
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d82f9553b05c9c57e43ccfebf1dfbc5f68bdd47432da7eea8bf775a278f13744.dll,#1
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:832
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:1136
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3756
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4552
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:82948 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1836
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17414 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1820
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:82952 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:5036
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17420 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1300

    Network

    • DNS
      feedyourppcdirect.com
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      feedyourppcdirect.com
      IN A
      Response
    • DNS
      feedyourppcdirect.com
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      feedyourppcdirect.com
      IN A
      Response
    • DNS
      15.89.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.89.54.20.in-addr.arpa
      IN PTR
      Response
    • DNS
      14.110.152.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.110.152.52.in-addr.arpa
      IN PTR
      Response
    • DNS
      feedyourppcdirect.com
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      feedyourppcdirect.com
      IN A
      Response
    • 93.184.221.240:80
      46 B
      40 B
      1
      1
    • 104.80.225.205:443
      322 B
      7
    • 93.184.221.240:80
      260 B
      5
    • 40.79.189.58:443
      322 B
      7
    • 93.184.221.240:80
      322 B
      7
    • 93.184.221.240:80
      322 B
      7
    • 93.184.221.240:80
      322 B
      7
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls, http2
      iexplore.exe
      1.2kB
      8.1kB
      15
      14
    • 8.8.8.8:53
      feedyourppcdirect.com
      dns
      rundll32.exe
      67 B
      140 B
      1
      1

      DNS Request

      feedyourppcdirect.com

    • 8.8.8.8:53
      feedyourppcdirect.com
      dns
      rundll32.exe
      67 B
      140 B
      1
      1

      DNS Request

      feedyourppcdirect.com

    • 8.8.8.8:53
      15.89.54.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      15.89.54.20.in-addr.arpa

    • 8.8.8.8:53
      14.110.152.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      14.110.152.52.in-addr.arpa

    • 8.8.8.8:53
      feedyourppcdirect.com
      dns
      rundll32.exe
      67 B
      140 B
      1
      1

      DNS Request

      feedyourppcdirect.com

    MITRE ATT&CK Enterprise v6

    Downloads

    • memory/832-133-0x00000000026E0000-0x0000000002773000-memory.dmp

      Filesize

      588KB

    • memory/832-137-0x0000000002660000-0x00000000026DA000-memory.dmp

      Filesize

      488KB
