Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

tpkcom.dll

windows7-x64

1

tpkcom.dll

windows10-2004-x64

1

tpkproxy.dll

windows7-x64

1

tpkproxy.dll

windows10-2004-x64

1

tpkproxy2015.dll

windows7-x64

3

tpkproxy2015.dll

windows10-2004-x64

3

tpkreport.dll

windows7-x64

1

tpkreport.dll

windows10-2004-x64

1

tpkreport2015.dll

windows7-x64

3

tpkreport2015.dll

windows10-2004-x64

3

tpktt.dll

windows7-x64

1

tpktt.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/08/2023, 20:47 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tpktt.dll

  • Size

    9.8MB

  • MD5

    14c02f2c7fb7e8d066300f692eadb253

  • SHA1

    61b61705b383c47af98a3e0b4a7e19b1f58504f9

  • SHA256

    06f9c495e597dc08110a1711be70e01ae7f8c07832f4df7cb0d51b49d6fa2fda

  • SHA512

    8d3c4c4e4c00446a5af8b52457634ac4db60ff88d9a1b8679042bf35393d908002299d6f1a081d1d3d70ac4e46be5eca71999cc38525de41bed2277f2b4bd6f7

  • SSDEEP

    196608:uAeng1/2wW3JefN2Amec9dSqBzfgxq+y6KN2t59/2:DtEefN2Amec9d35gxq+RR2

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\tpktt.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4264
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\tpktt.dll,#1
      2⤵
        PID:4944

    Network

    • flag-us
      DNS
      208.194.73.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      208.194.73.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      254.211.247.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      254.211.247.8.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      23.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      11.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      126.177.238.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      126.177.238.8.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.16.208.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.16.208.104.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      208.194.73.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      208.194.73.20.in-addr.arpa

    • 8.8.8.8:53
      254.211.247.8.in-addr.arpa
      dns
      72 B
       126 B
       1
      1

      DNS Request

      254.211.247.8.in-addr.arpa

    • 8.8.8.8:53
      23.159.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      23.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      11.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      11.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      126.177.238.8.in-addr.arpa
      dns
      72 B
       126 B
       1
      1

      DNS Request

      126.177.238.8.in-addr.arpa

    • 8.8.8.8:53
      88.16.208.104.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      88.16.208.104.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.