Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
61s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
30/03/2023, 12:38 UTC
General
-
Target
9ca48d49a500acadbdf5832846f904187bd4952e25559e8de3d1209ffba4563b.dll
-
Size
5KB
-
MD5
c042116ce24984f722f8aa9b6e17c405
-
SHA1
d4e3288732d55274aba43560044fc61f9d8c22b7
-
SHA256
9ca48d49a500acadbdf5832846f904187bd4952e25559e8de3d1209ffba4563b
-
SHA512
80806566cc89f10e7fd72fef25d6ffaa127e406df3abc7ffa1dd8c81cd04c102677d8fbb5a53d63aa02b30bc44b38285fbbb04edae4f6bbe54db955f6d22c1ea
-
SSDEEP
48:ZAa464sWtq2ANGLjnGVO0PQ7OrmG0gbCI8:Z5joq2mGLbGFBr30gbC
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\9ca48d49a500acadbdf5832846f904187bd4952e25559e8de3d1209ffba4563b.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\9ca48d49a500acadbdf5832846f904187bd4952e25559e8de3d1209ffba4563b.dll,#12⤵
-
Network
-
DNS149.220.183.52.in-addr.arpaRemote address:8.8.8.8:53Request149.220.183.52.in-addr.arpaIN PTRResponse -
DNS123.108.74.40.in-addr.arpaRemote address:8.8.8.8:53Request123.108.74.40.in-addr.arpaIN PTRResponse
-
DNS164.2.77.40.in-addr.arpaRemote address:8.8.8.8:53Request164.2.77.40.in-addr.arpaIN PTRResponse
-
DNS62.13.109.52.in-addr.arpaRemote address:8.8.8.8:53Request62.13.109.52.in-addr.arpaIN PTRResponse
-
117.18.237.29:80
-
20.189.173.1:443
-
8.238.177.126:80 -
173.223.113.164:443
-
173.223.113.131:80
-
8.238.177.126:80
-
8.8.8.8:53149.220.183.52.in-addr.arpadns
DNS Request
149.220.183.52.in-addr.arpa
-
8.8.8.8:53123.108.74.40.in-addr.arpadns
DNS Request
123.108.74.40.in-addr.arpa
-
8.8.8.8:53164.2.77.40.in-addr.arpadns
DNS Request
164.2.77.40.in-addr.arpa
-
8.8.8.8:5362.13.109.52.in-addr.arpadns
DNS Request
62.13.109.52.in-addr.arpa