Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

a9f4c8ecc3...e0.exe

windows7-x64

3

a9f4c8ecc3...e0.exe

windows10-2004-x64

3

$APPDATA/C...er.dll

windows7-x64

1

$APPDATA/C...er.dll

windows10-2004-x64

1

$APPDATA/C...TV.dll

windows7-x64

1

$APPDATA/C...TV.dll

windows10-2004-x64

1

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Communicate.dll

windows7-x64

1

Communicate.dll

windows10-2004-x64

1

MSINET.dll

windows7-x64

1

MSINET.dll

windows10-2004-x64

1

PSPMencoder.exe

windows7-x64

1

PSPMencoder.exe

windows10-2004-x64

1

VnetClinfo.dll

windows7-x64

1

VnetClinfo.dll

windows10-2004-x64

1

comdlg32.dll

windows7-x64

1

comdlg32.dll

windows10-2004-x64

1

mod/Reli_CCTV.dll

windows7-x64

1

mod/Reli_CCTV.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/02/2024, 19:17 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    comdlg32.dll

  • Size

    137KB

  • MD5

    b73809a916e6d7c1ae56f182a2e8f7e2

  • SHA1

    34e4213d8bf0e150d3f50ae0bd3f5b328e1105f5

  • SHA256

    64c6ee999562961d11af130254ad3ffd24bb725d3c18e7877f9fd362f4936195

  • SHA512

    26c28cb6c7e1b47425403ab8850a765ac420dd6474327ce8469376219c830ab46218383d15a73c9ea3a23fc6b5f392ee6e2a1632a1bf644b1bd1a05a4729e333

  • SSDEEP

    3072:3ESIiWD8uq4hCqUt6mqD1gRshBgH/voqJrwo2CocrJbQN6N2TRqEydzdHv2:3ETz566VgRyOJ0oDxQRHH

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\comdlg32.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\comdlg32.dll
      2⤵
        PID:1660

    Network

    • flag-us
      DNS
      134.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      134.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      182.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      182.178.17.96.in-addr.arpa
      IN PTR
      Response
      182.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-182deploystaticakamaitechnologiescom
    • flag-us
      DNS
      205.47.74.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      205.47.74.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      167.109.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      167.109.18.2.in-addr.arpa
      IN PTR
      Response
      167.109.18.2.in-addr.arpa
      IN PTR
      a2-18-109-167deploystaticakamaitechnologiescom
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      28.160.77.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.160.77.104.in-addr.arpa
      IN PTR
      Response
      28.160.77.104.in-addr.arpa
      IN PTR
      a104-77-160-28deploystaticakamaitechnologiescom
    • flag-us
      DNS
      162.177.78.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      162.177.78.104.in-addr.arpa
      IN PTR
      Response
      162.177.78.104.in-addr.arpa
      IN PTR
      a104-78-177-162deploystaticakamaitechnologiescom
    • flag-us
      DNS
      176.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      176.178.17.96.in-addr.arpa
      IN PTR
      Response
      176.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-176deploystaticakamaitechnologiescom
    • flag-us
      DNS
      192.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      192.178.17.96.in-addr.arpa
      IN PTR
      Response
      192.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-192deploystaticakamaitechnologiescom
    • flag-us
      DNS
      48.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.178.17.96.in-addr.arpa
      IN PTR
      Response
      172.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-172deploystaticakamaitechnologiescom
    • flag-us
      DNS
      79.121.231.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      79.121.231.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      84.65.42.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      84.65.42.20.in-addr.arpa
      IN PTR
      Response
    • 20.231.121.79:80
      104 B
       2
    • 8.8.8.8:53
      134.32.126.40.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      134.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      182.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      182.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      205.47.74.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      205.47.74.20.in-addr.arpa

    • 8.8.8.8:53
      167.109.18.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      167.109.18.2.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      18.31.95.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      18.31.95.13.in-addr.arpa

    • 8.8.8.8:53
      28.160.77.104.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      28.160.77.104.in-addr.arpa

    • 8.8.8.8:53
      162.177.78.104.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      162.177.78.104.in-addr.arpa

    • 8.8.8.8:53
      176.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      176.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      192.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      192.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      172.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      172.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      48.229.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      48.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      79.121.231.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      79.121.231.20.in-addr.arpa

    • 8.8.8.8:53
      84.65.42.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      84.65.42.20.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.