Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

cf2a0ce0b6...36.dll

windows7-x64

1

cf2a0ce0b6...36.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    186s
  • max time network
    193s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 11:50 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cf2a0ce0b6df38b1faf2358dcc9e5f571829e22dad84d697378f25998e93fc36.dll

  • Size

    3KB

  • MD5

    22078a2dbb51f1cf1ef78ac9fc9780a0

  • SHA1

    e8fdb8f8fa174230e3b67e5362b2a1f9b8f87102

  • SHA256

    cf2a0ce0b6df38b1faf2358dcc9e5f571829e22dad84d697378f25998e93fc36

  • SHA512

    a64638890ca8695bd38413c0794fad76d2629797d17a7e68b682a92654821632541d72cc4e17402f658bcd5ea2eb12b7a761f632c034abda769171ffe0b71dab

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf2a0ce0b6df38b1faf2358dcc9e5f571829e22dad84d697378f25998e93fc36.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf2a0ce0b6df38b1faf2358dcc9e5f571829e22dad84d697378f25998e93fc36.dll,#1
      2⤵
        PID:2896

    Network

    • flag-unknown
      DNS
      151.122.125.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      151.122.125.40.in-addr.arpa
      IN PTR
      Response
    • flag-unknown
      DNS
      226.101.242.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      226.101.242.52.in-addr.arpa
      IN PTR
      Response
    • flag-unknown
      DNS
      a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa
      Remote address:
      8.8.8.8:53
      Request
      a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa
      IN PTR
      Response
    • 72.21.81.240:80
      322 B
       7
    • 72.21.81.240:80
      322 B
       7
    • 104.80.225.205:443
      322 B
       7
    • 20.189.173.11:443
      322 B
       7
    • 72.21.81.240:80
      260 B
       5
    • 72.21.81.240:80
      322 B
       7
    • 72.21.81.240:80
      322 B
       7
    • 72.21.81.240:80
      322 B
       7
    • 72.21.81.240:80
      260 B
       5
    • 72.21.81.240:80
      260 B
       5
    • 8.8.8.8:53
      151.122.125.40.in-addr.arpa
      dns
      73 B
       159 B
       1
      1

      DNS Request

      151.122.125.40.in-addr.arpa

    • 8.8.8.8:53
      226.101.242.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      226.101.242.52.in-addr.arpa

    • 8.8.8.8:53
      a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa
      dns
      118 B
       204 B
       1
      1

      DNS Request

      a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.