Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2023, 17:21 UTC

General

  • Target

    cb415d9cd7bdeca9181ad54b15f29e86e91184197696fd73d6e41ec2d2dd6b10.dll

  • Size

    4.4MB

  • MD5

    5e8683eb92d7b945891bbb4b84a55ef5

  • SHA1

    8d6cfd7576811f861700bd185abaa68548e732c4

  • SHA256

    cb415d9cd7bdeca9181ad54b15f29e86e91184197696fd73d6e41ec2d2dd6b10

  • SHA512

    f7fd0d865549759f77c856d1d2e409e1a0197bb587df38e61db68eb10ee5a8330f2e87319b3d7d87691e32445ea9203f463d18ba2c67a757e25aa1dbe1348682

  • SSDEEP

    98304:9/E6evtnF4YC6wGVvg0RT1pzPVUv0YXKBBi21Ng700wm:98tBGF6ZvRrOP0Bi6g700w

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe (PID 1728)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb415d9cd7bdeca9181ad54b15f29e86e91184197696fd73d6e41ec2d2dd6b10.dll,#1
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (PID 1988)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb415d9cd7bdeca9181ad54b15f29e86e91184197696fd73d6e41ec2d2dd6b10.dll,#1
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx

Network

  • DNS lookup by rundll32.exe
    Remote address: 8.8.8.8:53
    Request: dls.d11k.com IN A
    Response: dls.d11k.com IN A 183.131.85.245
  • 183.131.85.245:443
    Domain: dls.d11k.com
    Protocol: tls
    Process: rundll32.exe
    1.3kB / 7.6kB / 12 / 13
  • 8.8.8.8:53
    Domain: dls.d11k.com
    Protocol: dns
    Process: rundll32.exe
    58 B / 74 B / 1 / 1

    DNS Request: dls.d11k.com

    DNS Response: 183.131.85.245

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\E2EECore.3.3.8.dll

    Filesize

    10.6MB

    MD5

    c1f7712711b59ed492ac4100cd76b8a1

    SHA1

    c548f1192890ebd924e5f47ccbfd4e607e322a36

    SHA256

    2f36f67c960644b5d53b24791b014c9758285256547f883b6db86cbeb734ef86

    SHA512

    682168ad42ad75e7c4a69e515636733c85a3380a260d681ceddff61f9d8529689307305e72b26406236439d9037e2e6be3ac53497c110f610710e830d4fedac7