Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

processhac...in.zip

windows10-1703-x64

1

x64/ProcessHacker.exe

windows10-1703-x64

1

x64/kproce...er.exe

windows10-1703-x64

x64/peview.exe

windows10-1703-x64

3

x64/plugin...ls.dll

windows10-1703-x64

1

x64/plugin...ns.dll

windows10-1703-x64

1

x64/plugin...es.dll

windows10-1703-x64

1

x64/plugin...ls.dll

windows10-1703-x64

1

x64/plugin...es.dll

windows10-1703-x64

1

x64/plugin...ls.dll

windows10-1703-x64

1

x64/plugin...ks.dll

windows10-1703-x64

1

x64/plugin...rt.dll

windows10-1703-x64

1

x64/plugin...us.dll

windows10-1703-x64

1

x64/plugin...er.dll

windows10-1703-x64

1

x64/plugin...es.dll

windows10-1703-x64

1

x64/plugin...er.dll

windows10-1703-x64

1

x86/ProcessHacker.exe

windows10-1703-x64

1

x86/kproce...er.exe

windows10-1703-x64

x86/peview.exe

windows10-1703-x64

3

x86/plugin...ls.dll

windows10-1703-x64

1

x86/plugin...ns.dll

windows10-1703-x64

1

x86/plugin...es.dll

windows10-1703-x64

1

x86/plugin...ls.dll

windows10-1703-x64

1

x86/plugin...es.dll

windows10-1703-x64

1

x86/plugin...ls.dll

windows10-1703-x64

1

x86/plugin...ks.dll

windows10-1703-x64

1

x86/plugin...rt.dll

windows10-1703-x64

1

x86/plugin...us.dll

windows10-1703-x64

1

x86/plugin...er.dll

windows10-1703-x64

1

x86/plugin...es.dll

windows10-1703-x64

1

x86/plugin...er.dll

windows10-1703-x64

1

Analysis

  • max time kernel
    82s
  • max time network
    153s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/03/2023, 03:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x86/plugins/NetworkTools.dll

  • Size

    116KB

  • MD5

    a5de58251832d3aef63fee13c96b10d2

  • SHA1

    9e598c1fd1539c1bfb5b55ebdacbe41c1ac26600

  • SHA256

    62472b33ba6fe0f4c5f4997236b3e0d9053c9e2de9730e3db78d2749a2bea6c4

  • SHA512

    dacfded99026f0a24dbf06c9b2c12e819dbeb1509441df2d9fa0e2d3048f2de64ebe259d5909fe88a24fabadf262595b4b96064bc17cf9347296b386e273a0c2

  • SSDEEP

    1536:4zPf2Sz6wBaABOKcRmRkaPTTd4BXcVPZdjshsWk1cdeB7PIQl4jhNj:4zPf2SzuK9RkOTTd4BMdrEeB7AQl4j7

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\x86\plugins\NetworkTools.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\x86\plugins\NetworkTools.dll,#1
      2⤵
        PID:1900

    Network

    • flag-us
      DNS
      44.8.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      44.8.109.52.in-addr.arpa
      IN PTR
      Response
    • 20.42.65.84:443
      322 B
       7
    • 8.8.8.8:53
      44.8.109.52.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      44.8.109.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.