Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

SecuriteIn...84.dll

windows7-x64

1

SecuriteIn...84.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/07/2023, 14:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.10084.dll

  • Size

    14KB

  • MD5

    f3fdd4b1c32be9414c5b8709d25f2c9b

  • SHA1

    ab90b5e3599a81d7e27d568fb986c09e398f1d00

  • SHA256

    edcb25c8185dfe64d75333c78beac8533745dc6edfe34cfad75d0bd3bca6b057

  • SHA512

    92234f1829a5aed8e02ccd06d850de439889d6757ce00cedbd83177b691bfb5c9458c3d334f474ccde9ddf76be1b4b2e80735fd34d9753dcc62fa92afbaa6de5

  • SSDEEP

    384:FeK7ut3TtJLQb5z8T5abu6yaKCOzswLNQFMD1:IxTtVQ98lfWOzswLWC

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.10084.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3440
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.10084.dll,#1
      2⤵
        PID:3076
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 660
          3⤵
          • Program crash
          PID:4932
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 3076 -ip 3076
      1⤵
        PID:3332

      Network

      • flag-us
        DNS
        208.194.73.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        208.194.73.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        73.31.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.31.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        59.128.231.4.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        59.128.231.4.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        161.252.72.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        161.252.72.23.in-addr.arpa
        IN PTR
        Response
        161.252.72.23.in-addr.arpa
        IN PTR
        a23-72-252-161deploystaticakamaitechnologiescom
      • flag-us
        DNS
        45.8.109.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        45.8.109.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        154.141.79.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        154.141.79.40.in-addr.arpa
        IN PTR
        Response
      No results found
      • 8.8.8.8:53
        208.194.73.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        208.194.73.20.in-addr.arpa

      • 8.8.8.8:53
        73.31.126.40.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        73.31.126.40.in-addr.arpa

      • 8.8.8.8:53
        59.128.231.4.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        59.128.231.4.in-addr.arpa

      • 8.8.8.8:53
        157.123.68.40.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        157.123.68.40.in-addr.arpa

      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        161.252.72.23.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        161.252.72.23.in-addr.arpa

      • 8.8.8.8:53
        45.8.109.52.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        45.8.109.52.in-addr.arpa

      • 8.8.8.8:53
        154.141.79.40.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        154.141.79.40.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.