Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

b5a399bbed...90.dll

windows7-x64

1

b5a399bbed...90.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    97s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/05/2023, 10:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b5a399bbed8358f6052991b234b83201c9697afd28a5e7f8d7bc471fd64c4590.dll

  • Size

    220KB

  • MD5

    33b67fc18f5cd5fffb39fb4911ea3931

  • SHA1

    615dfe703858cdf566edd8f0a0d59a9a9ff20af4

  • SHA256

    b5a399bbed8358f6052991b234b83201c9697afd28a5e7f8d7bc471fd64c4590

  • SHA512

    841657c9d76ed12bc40ad012862f84b1c3a1915c3b27e7665512dc361ed9ad63b79ebed11921bebe4952b03f1233b866438afaef2fdc66b50fa0b544cfca69d4

  • SSDEEP

    6144:tIIIIpzEtV8k+diK2+cEyecpAOGwvjECH:Lc8k+8KpfyFpMw7ECH

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5a399bbed8358f6052991b234b83201c9697afd28a5e7f8d7bc471fd64c4590.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5a399bbed8358f6052991b234b83201c9697afd28a5e7f8d7bc471fd64c4590.dll,#1
      2⤵
        PID:2000

    Network

    • flag-us
      DNS
      241.150.49.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.150.49.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      2.77.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.77.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      2.36.159.162.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.36.159.162.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • 13.89.179.8:443
      322 B
       7
    • 52.242.101.226:443
      260 B
       5
    • 117.18.232.240:80
      322 B
       7
    • 117.18.232.240:80
      322 B
       7
    • 173.223.113.164:443
      322 B
       7
    • 173.223.113.131:80
      322 B
       7
    • 204.79.197.203:80
      322 B
       7
    • 52.242.101.226:443
      260 B
       5
    • 209.197.3.8:80
      322 B
       7
    • 20.54.89.15:443
      260 B
       5
    • 8.8.8.8:53
      241.150.49.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.150.49.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      2.77.109.52.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      2.77.109.52.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      2.36.159.162.in-addr.arpa
      dns
      71 B
       133 B
       1
      1

      DNS Request

      2.36.159.162.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.