Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
182s -
max time network
209s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
05/12/2022, 15:09 UTC
General
-
Target
35dcf7bdc7f5bbdface842b2566dd15e015bc8ca77d6031a531ef5b167ca798f.dll
-
Size
150KB
-
MD5
1cb5b879df22321c0d0cbb881b4eb209
-
SHA1
83280f83ad0e519a900c5e964e8f6ec9ba682a23
-
SHA256
35dcf7bdc7f5bbdface842b2566dd15e015bc8ca77d6031a531ef5b167ca798f
-
SHA512
8cf4ca4fe2dfda5de84417c190164077bc64231a1dd44a0e0adeb437cce68d43c6d298cc70ff07e8d164875cf6b07443e01d8110f360623474a907987a7499cb
-
SSDEEP
1536:H+UsINIJkuvfZ/AuwZnfiK1De0YiFi5IdKGm0+B1jJwmQRZChwvDH+nfw:GiyxvfGZfJDeYN/mN3EuW6fw
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\35dcf7bdc7f5bbdface842b2566dd15e015bc8ca77d6031a531ef5b167ca798f.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\35dcf7bdc7f5bbdface842b2566dd15e015bc8ca77d6031a531ef5b167ca798f.dll,#12⤵
-
Network
-
DNS96.108.152.52.in-addr.arpaRemote address:8.8.8.8:53Request96.108.152.52.in-addr.arpaIN PTRResponse
-
96.16.53.137:80
-
8.238.23.254:80
-
8.238.23.254:80
-
8.238.23.254:80
-
93.184.220.29:80
-
8.247.211.254:80
-
20.42.73.24:443
-
178.79.208.1:80
-
104.80.225.205:443
-
8.8.8.8:5396.108.152.52.in-addr.arpadns
DNS Request
96.108.152.52.in-addr.arpa
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
164KB