Analysis

  • max time kernel
    84s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/03/2023, 17:19 UTC

General

  • Target

    libgmp-10.dll

  • Size

    497KB

  • MD5

    1b73b0dcc505152ea8923eebb075244d

  • SHA1

    bde642fcd0d6bd4709c45a0735593ed8ef44e0c9

  • SHA256

    daa0a2d32134a108ab3af38899d8b6cf4bfc75e3d1d7c3a890a25cedd018afa1

  • SHA512

    88e7cf532b33f050e9dc0589d8e17e4af46d3de5aa9626ec713281359e06347182bee0bc62fa55f18fdc6cc7953964455d946630cf33749ce0af50939f7fd74a

  • SSDEEP

    12288:ghWlLF45Vn42SEgwNrQi3I0HHFxl6NU7lw8FbEF3l:gmLF4w2SFwNrQiY0H56T8FbEF3l

Score
3/10

Malware Config

Signatures

  • Program crash (1 IoC)

Processes

  • C:\Windows\system32\rundll32.exe (PID 2420)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\libgmp-10.dll,#1
      • C:\Windows\system32\WerFault.exe (PID 2216) - Program crash
        C:\Windows\system32\WerFault.exe -u -p 2420 -s 328
  • C:\Windows\system32\WerFault.exe (PID 2600)
    C:\Windows\system32\WerFault.exe -pss -s 424 -p 2420 -ip 2420

Network

DNS requests (all reverse PTR lookups sent to 8.8.8.8:53, geolocated US; one request and one response each):

  Query                          Sent   Received  Response
  232.168.11.51.in-addr.arpa     72 B   158 B     -
  95.221.229.192.in-addr.arpa    73 B   144 B     -
  22.160.190.20.in-addr.arpa     72 B   158 B     -
  199.176.139.52.in-addr.arpa    73 B   159 B     -
  154.239.44.20.in-addr.arpa     72 B   158 B     -
  97.238.32.23.in-addr.arpa      71 B   135 B     IN PTR a23-32-238-97.deploy.static.akamaitechnologies.com
  144.168.210.20.in-addr.arpa    73 B   159 B     -
  63.13.109.52.in-addr.arpa      71 B   145 B     -

Connections:

  Remote address        Size    Count
  20.42.65.89:443       322 B   7
  8.238.20.126:80       322 B   7
  8.238.177.126:80      322 B   7
  173.223.113.164:443   322 B   7
  173.223.113.131:80    322 B   7
  8.238.177.126:80      322 B   7
  8.238.177.126:80      322 B   7

Downloads

  • memory/2420-133-0x000000006ACC0000-0x000000006AD45000-memory.dmp
    Filesize: 532KB
