
Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/12/2023, 00:29 UTC

General

  • Target

    21c17b68d8be9a27620ce1368d2dae6f.dll

  • Size

    80KB

  • MD5

    21c17b68d8be9a27620ce1368d2dae6f

  • SHA1

    d92f0a7d7ff54d08d66b541af95b0d0b2cb3f743

  • SHA256

    88e1bfb47261141c91ce14007340f92209168bb6297caef10f9a1d5a11cba39a

  • SHA512

    424d912ab16e901b394366559705c2b4901b116466115be2c5e7dd7813ad2cf38c6a2b507c747c2d6af68f3d9a08691fd8fabc988c9e499da81ccec3040294d7

  • SSDEEP

    1536:qM7BuTE3mT7BAEI0gkrMKZGzJKw0tPrXTi450vvAAHImDAaOelxtlkGsdwd8j3eZ:PBwE3U7yipGzyXyvNoXaOIxtlkGwwG2

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\21c17b68d8be9a27620ce1368d2dae6f.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:712
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\21c17b68d8be9a27620ce1368d2dae6f.dll
      2⤵
        PID:2436
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 608
          3⤵
          • Program crash
          PID:4968
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 2436 -ip 2436
      1⤵
        PID:4756

      Network

      • flag-us
        DNS
        1.181.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        1.181.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        1.181.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        1.181.190.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        146.78.124.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        146.78.124.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        177.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        177.178.17.96.in-addr.arpa
        IN PTR
        Response
        177.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-177deploystaticakamaitechnologiescom
      • flag-us
        DNS
        43.58.199.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        43.58.199.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        41.110.16.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        41.110.16.96.in-addr.arpa
        IN PTR
        Response
        41.110.16.96.in-addr.arpa
        IN PTR
        a96-16-110-41deploystaticakamaitechnologiescom
      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        9.228.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        9.228.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        206.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        206.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.23.85.13.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        100.5.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        100.5.17.2.in-addr.arpa
        IN PTR
        Response
        100.5.17.2.in-addr.arpa
        IN PTR
        a2-17-5-100deploystaticakamaitechnologiescom
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        178.223.142.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        178.223.142.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        217.135.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        217.135.221.88.in-addr.arpa
        IN PTR
        Response
        217.135.221.88.in-addr.arpa
        IN PTR
        a88-221-135-217deploystaticakamaitechnologiescom
      • flag-us
        DNS
        189.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        189.178.17.96.in-addr.arpa
        IN PTR
        Response
        189.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-189deploystaticakamaitechnologiescom
      • flag-us
        DNS
        202.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        202.178.17.96.in-addr.arpa
        IN PTR
        Response
        202.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-202deploystaticakamaitechnologiescom
      • flag-us
        DNS
        32.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        32.134.221.88.in-addr.arpa
        IN PTR
        Response
        32.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-32deploystaticakamaitechnologiescom
      • flag-us
        DNS
        32.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        32.134.221.88.in-addr.arpa
        IN PTR
        Response
        32.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-32deploystaticakamaitechnologiescom
      • flag-us
        DNS
        18.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.134.221.88.in-addr.arpa
        IN PTR
        Response
        18.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-18deploystaticakamaitechnologiescom
      • flag-us
        DNS
        18.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.134.221.88.in-addr.arpa
        IN PTR
        Response
        18.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-18deploystaticakamaitechnologiescom
      • flag-us
        DNS
        206.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.178.17.96.in-addr.arpa
        IN PTR
        Response
        206.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-206deploystaticakamaitechnologiescom
      • flag-us
        DNS
        206.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.178.17.96.in-addr.arpa
        IN PTR
        Response
        206.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-206deploystaticakamaitechnologiescom
      • flag-us
        DNS
        138.201.86.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        138.201.86.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        138.201.86.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        138.201.86.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        68.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        68.179.17.96.in-addr.arpa
        IN PTR
        Response
        68.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-68deploystaticakamaitechnologiescom
      • flag-us
        DNS
        68.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        68.179.17.96.in-addr.arpa
        IN PTR
        Response
        68.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-68deploystaticakamaitechnologiescom
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301287_1U7X9BQKXX1CUMUTC&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301287_1U7X9BQKXX1CUMUTC&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 581215
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: DB4143528C8845F292AF5E2F9C4B28AA Ref B: LON04EDGE0907 Ref C: 2024-01-01T16:03:16Z
        date: Mon, 01 Jan 2024 16:03:16 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317300989_1BE4XYRF6MHWRMDVG&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317300989_1BE4XYRF6MHWRMDVG&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301422_137F5YXX7BH6VPYI4&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301422_137F5YXX7BH6VPYI4&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        DNS
        208.135.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        208.135.221.88.in-addr.arpa
        IN PTR
        Response
        208.135.221.88.in-addr.arpa
        IN PTR
        a88-221-135-208deploystaticakamaitechnologiescom
      • flag-us
        DNS
        208.135.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        208.135.221.88.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        55.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        55.179.17.96.in-addr.arpa
        IN PTR
        Response
        55.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-55deploystaticakamaitechnologiescom
      • flag-us
        DNS
        55.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        55.179.17.96.in-addr.arpa
        IN PTR
        Response
        55.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-55deploystaticakamaitechnologiescom

      Downloads

      • memory/2436-0-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB
