Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

942367a5c7...4c.dll

windows7-x64

1

942367a5c7...4c.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    180s
  • max time network
    204s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 21:00 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    942367a5c7d55f9b5f156b83a0933211b67944208be7103cb556c774e7afb64c.dll

  • Size

    1.7MB

  • MD5

    69c143b1afce1bb03e99645736d6ca4c

  • SHA1

    e54c58c096b7262803e818668c6c51eb30adad1f

  • SHA256

    942367a5c7d55f9b5f156b83a0933211b67944208be7103cb556c774e7afb64c

  • SHA512

    bf85d202b9146ea9e602589dfbc60e101ad4a18a1320def87cd93f3e6026758a13aae7b14c7f9f87c8eef013b4ca349346384ad3bea129567d92afc56ca9de35

  • SSDEEP

    49152:HsbMCG4Zoj00+tYCRAjyEYmnpd35Ck7+f:6MCGEhYXWED5r7s

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\942367a5c7d55f9b5f156b83a0933211b67944208be7103cb556c774e7afb64c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\942367a5c7d55f9b5f156b83a0933211b67944208be7103cb556c774e7afb64c.dll,#1
      2⤵
        PID:1996

    Network

    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    • flag-unknown
      DNS
      wgeto.cz.cc
      rundll32.exe
      Remote address:
      8.8.8.8:53
      Request
      wgeto.cz.cc
      IN A
      Response
    No results found
    • 8.8.8.8:53
      wgeto.cz.cc
      dns
      rundll32.exe
      171 B
       171 B
       3
      3

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

    • 8.8.8.8:53
      wgeto.cz.cc
      dns
      rundll32.exe
      171 B
       171 B
       3
      3

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

    • 8.8.8.8:53
      wgeto.cz.cc
      dns
      rundll32.exe
      171 B
       171 B
       3
      3

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

    • 8.8.8.8:53
      wgeto.cz.cc
      dns
      rundll32.exe
      171 B
       171 B
       3
      3

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

    • 8.8.8.8:53
      wgeto.cz.cc
      dns
      rundll32.exe
      171 B
       171 B
       3
      3

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

    • 8.8.8.8:53
      wgeto.cz.cc
      dns
      rundll32.exe
      171 B
       171 B
       3
      3

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

    • 8.8.8.8:53
      wgeto.cz.cc
      dns
      rundll32.exe
      171 B
       171 B
       3
      3

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

      DNS Request

      wgeto.cz.cc

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1996-55-0x0000000075511000-0x0000000075513000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1996-56-0x0000000074D11000-0x0000000074D13000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1996-57-0x00000000001F0000-0x00000000001FF000-memory.dmp

      Filesize

      60KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.