Analysis

  • max time kernel
    57s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    01/03/2023, 03:03 UTC

General

  • Target

    x86/plugins/SbieSupport.dll

  • Size

    81KB

  • MD5

    4daa3b45699017dce248b0e6f634885f

  • SHA1

    c155ec9e2b1ab9b6178074ac3f7900bedff89cae

  • SHA256

    d28a6bd0cbbe33c05586edbfa7266c85355e5762afd89a3633a23136723b625e

  • SHA512

    a0e05a0aac333a7f62961e77f6ea1587bb16a986cf7cbd24f0f39942bf4403b9438f98e553c72643ead742590d0f300b605027cc9bc92a47a523167e2f2765e2

  • SSDEEP

    1536:c1CLBSfuO2cTwGQXmj51Dds5Ecj3ksWhcdgZCnQnmxukfK1:c1CVg51Dpcjlg8nQnmxuky1

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\x86\plugins\SbieSupport.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3704
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\x86\plugins\SbieSupport.dll,#1
      2⤵
        PID:3748

Network

  • flag-us
    DNS
    203.151.224.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    203.151.224.20.in-addr.arpa
    IN PTR
    Response
    No results found
  • 8.8.8.8:53
    203.151.224.20.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    203.151.224.20.in-addr.arpa

MITRE ATT&CK Matrix

Downloads
