Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

dd9ff6533a...f2.dll

windows7-x64

8

dd9ff6533a...f2.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    159s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 01:59 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dd9ff6533a6c7dbf6a89f600827224f9b7d3c6c3b4223da630003a800f2438f2.dll

  • Size

    22KB

  • MD5

    7626e0cc2260c6a4b740c131e8b87720

  • SHA1

    42f4ca561d1909e9b1c9b216884bf3116a357baa

  • SHA256

    dd9ff6533a6c7dbf6a89f600827224f9b7d3c6c3b4223da630003a800f2438f2

  • SHA512

    26b415aa5472c3c856c6d002a8f746f7fa96a81beaf5d4f4620627a31cf56ad9b0f02e99ab94499fee0fda0e856310c94f23ebae9509e3ecb141fcb4ee9df836

  • SSDEEP

    192:dcfCmhb4GXqHdftgcxPiXioq/mFsKrinDHbOQr/yJerT8sKfcmMamTtZXB2pBlVx:dcfCmquaFyFXEqrinDHD7yJ5Jcm0tZYF

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd9ff6533a6c7dbf6a89f600827224f9b7d3c6c3b4223da630003a800f2438f2.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd9ff6533a6c7dbf6a89f600827224f9b7d3c6c3b4223da630003a800f2438f2.dll,#1
      2⤵
        PID:4496
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 624
          3⤵
          • Program crash
          PID:2272
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4496 -ip 4496
      1⤵
        PID:1596

      Network

      • flag-unknown
        DNS
        226.101.242.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        226.101.242.52.in-addr.arpa
        IN PTR
        Response
      • 93.184.221.240:80
        260 B
         5
      • 20.224.151.203:443
        40 B
         1
      • 93.184.221.240:80
        260 B
         5
      • 93.184.221.240:80
        260 B
         5
      • 95.101.78.106:80
        322 B
         7
      • 95.101.78.106:80
        322 B
         7
      • 51.116.253.168:443
        322 B
         7
      • 93.184.221.240:80
        322 B
         7
      • 93.184.220.29:80
        46 B
         40 B
         1
        1
      • 93.184.221.240:80
        322 B
         7
      • 93.184.221.240:80
        260 B
         5
      • 93.184.221.240:80
        260 B
         5
      • 93.184.220.29:80
        322 B
         7
      • 93.184.221.240:80
        260 B
         5
      • 8.8.8.8:53
        226.101.242.52.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        226.101.242.52.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4496-133-0x0000000010000000-0x000000001000A000-memory.dmp

        Filesize

        40KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.