Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Korepi/Korepi.exe

windows10-2004-x64

10

Korepi/d3d...47.dll

windows10-2004-x64

3

Korepi/dll/ffmpeg.dll

windows10-2004-x64

1

Korepi/dll/libEGL.dll

windows10-2004-x64

1

Korepi/dll...v2.dll

windows10-2004-x64

3

Korepi/dll...er.dll

windows10-2004-x64

3

Korepi/dll...-1.dll

windows10-2004-x64

3

Korepi/ffmpeg.dll

windows10-2004-x64

1

Korepi/libEGL.dll

windows10-2004-x64

1

Korepi/libGLESv2.dll

windows10-2004-x64

3

Korepi/vgrl.dll

windows10-2004-x64

1

Korepi/vivoxsdk.dll

windows10-2004-x64

1

Resubmissions

08/02/2024, 19:42 UTC

240208-ye7cksbg28 10

08/02/2024, 19:33 UTC

240208-x9kavshh6s 10

Analysis

  • max time kernel
    83s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/02/2024, 19:42 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Korepi/dll/vk_swiftshader.dll

  • Size

    4.3MB

  • MD5

    ad00a712203b9dfb702d886e43d215e6

  • SHA1

    1921d4d14b5ac0a669f69cd852a41eba8377a434

  • SHA256

    01742049534047b956328b9a0ca57f720e957edb684a6a0d70acc992e2b684fc

  • SHA512

    f4672dce073c940fe3b9f9687fc9a195b5d0a6e51bb92c91047775be244ce95a2c743947eb05299d77cb3c8b914821984bb98182bc9afdc35e3963148f5562e0

  • SSDEEP

    49152:TRFxCyzWuNtr3nQAqKktwjcXBQkHTTZjbryATFeYkScdII2HM2lbpTFk6dwkIIq/:TR+rwY1V2iy0SpGOjECAetx80J

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Korepi\dll\vk_swiftshader.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Korepi\dll\vk_swiftshader.dll,#1
      2⤵
        PID:448
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 600
          3⤵
          • Program crash
          PID:2148
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 448 -ip 448
      1⤵
        PID:4916

      Network

      • flag-us
        DNS
        79.121.231.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        79.121.231.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        210.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        210.178.17.96.in-addr.arpa
        IN PTR
        Response
        210.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-210deploystaticakamaitechnologiescom
      • flag-us
        DNS
        28.118.140.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        28.118.140.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        85.177.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        85.177.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        232.168.11.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.168.11.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        133.211.185.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        133.211.185.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        23.160.77.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.160.77.104.in-addr.arpa
        IN PTR
        Response
        23.160.77.104.in-addr.arpa
        IN PTR
        a104-77-160-23deploystaticakamaitechnologiescom
      • flag-us
        DNS
        0.204.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.204.248.87.in-addr.arpa
        IN PTR
        Response
        0.204.248.87.in-addr.arpa
        IN PTR
        https-87-248-204-0lhrllnwnet
      • 96.16.110.41:443
        322 B
         7
      • 192.229.221.95:80
        322 B
         7
      • 8.8.8.8:53
        79.121.231.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        79.121.231.20.in-addr.arpa

      • 8.8.8.8:53
        210.178.17.96.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        210.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        28.118.140.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        28.118.140.52.in-addr.arpa

      • 8.8.8.8:53
        85.177.190.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        85.177.190.20.in-addr.arpa

      • 8.8.8.8:53
        232.168.11.51.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        232.168.11.51.in-addr.arpa

      • 8.8.8.8:53
        133.211.185.52.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        133.211.185.52.in-addr.arpa

      • 8.8.8.8:53
        103.169.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        103.169.127.40.in-addr.arpa

      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        23.160.77.104.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        23.160.77.104.in-addr.arpa

      • 8.8.8.8:53
        0.204.248.87.in-addr.arpa
        dns
        71 B
         116 B
         1
        1

        DNS Request

        0.204.248.87.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.