Resubmissions

06/03/2024, 18:08 UTC

240306-wrcydsef75 7

06/03/2024, 18:04 UTC

240306-wnjxjafd4y 7

Analysis

  • max time kernel
    1482s
  • max time network
    1497s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    06/03/2024, 18:04 UTC

General

  • Target

    sfvip_all.dist/_asyncio.dll

  • Size

    63KB

  • MD5

    41806866d74e5edce05edc0ad47752b9

  • SHA1

    c3d603c029fdac45bac37bb2f449fab86b8845dd

  • SHA256

    76db93bd64cb4a36edb37694456f89bb588db98cf2733eb436f000b309eec3b2

  • SHA512

    2a019efaf3315b8b98be93ac4bea15cec8b9ecc6eab298fa93d3947bad2422b5a126d52cb4998363bdc82641fba9b8f42d589afe52d02914e55a5a6116989fde

  • SSDEEP

    1536:g2NcWvZEvWjtzE6OAz9WFIbOnP17Sy/xXY:g2NcefdE6OAz9WFIbOn9DY

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\sfvip_all.dist\_asyncio.dll,#1
      PID:1520

    Network

    • flag-us
      DNS
      19.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      23.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      23.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.173.189.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      17.179.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      17.179.17.96.in-addr.arpa
      IN PTR
      Response
      17.179.17.96.in-addr.arpa
      IN PTR
      a96-17-179-17.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      ctldl.windowsupdate.com
      Remote address:
      8.8.8.8:53
      Request
      ctldl.windowsupdate.com
      IN A
      Response
      ctldl.windowsupdate.com
      IN CNAME
      wu-bg-shim.trafficmanager.net
      wu-bg-shim.trafficmanager.net
      IN CNAME
      download.windowsupdate.com.edgesuite.net
      download.windowsupdate.com.edgesuite.net
      IN CNAME
      a767.dspw65.akamai.net
      a767.dspw65.akamai.net
      IN A
      96.17.179.36
      a767.dspw65.akamai.net
      IN A
      96.17.179.17
      a767.dspw65.akamai.net
      IN A
      96.17.179.15
      a767.dspw65.akamai.net
      IN A
      96.17.179.16
      a767.dspw65.akamai.net
      IN A
      96.17.179.43
      a767.dspw65.akamai.net
      IN A
      96.17.179.28
    • flag-us
      DNS
      ctldl.windowsupdate.com
      Remote address:
      8.8.8.8:53
      Request
      ctldl.windowsupdate.com
      IN A
    • flag-us
      DNS
      36.179.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      36.179.17.96.in-addr.arpa
      IN PTR
      Response
      36.179.17.96.in-addr.arpa
      IN PTR
      a96-17-179-36.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      login.live.com
      Remote address:
      8.8.8.8:53
      Request
      login.live.com
      IN A
      Response
      login.live.com
      IN CNAME
      login.msa.msidentity.com
      login.msa.msidentity.com
      IN CNAME
      www.tm.lg.prod.aadmsa.trafficmanager.net
      www.tm.lg.prod.aadmsa.trafficmanager.net
      IN CNAME
      prdv4a.aadg.msidentity.com
      prdv4a.aadg.msidentity.com
      IN CNAME
      www.tm.v4.a.prd.aadg.akadns.net
      www.tm.v4.a.prd.aadg.akadns.net
      IN A
      40.126.53.17
      www.tm.v4.a.prd.aadg.akadns.net
      IN A
      20.190.181.6
      www.tm.v4.a.prd.aadg.akadns.net
      IN A
      20.190.181.23
      www.tm.v4.a.prd.aadg.akadns.net
      IN A
      40.126.53.19
      www.tm.v4.a.prd.aadg.akadns.net
      IN A
      40.126.53.18
      www.tm.v4.a.prd.aadg.akadns.net
      IN A
      40.126.53.21
      www.tm.v4.a.prd.aadg.akadns.net
      IN A
      40.126.53.16
      www.tm.v4.a.prd.aadg.akadns.net
      IN A
      20.190.181.0
    • flag-us
      DNS
      ocsp.digicert.com
      Remote address:
      8.8.8.8:53
      Request
      ocsp.digicert.com
      IN A
      Response
      ocsp.digicert.com
      IN CNAME
      ocsp.edge.digicert.com
      ocsp.edge.digicert.com
      IN CNAME
      fp2e7a.wpc.2be4.phicdn.net
      fp2e7a.wpc.2be4.phicdn.net
      IN CNAME
      fp2e7a.wpc.phicdn.net
      fp2e7a.wpc.phicdn.net
      IN A
      192.229.221.95
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com
      iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com
      IN A
      20.103.156.88
    • flag-us
      DNS
      17.53.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      17.53.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.156.103.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.156.103.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com
      iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com
      IN A
      20.103.156.88
    • flag-us
      DNS
      ris.api.iris.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      ris.api.iris.microsoft.com
      IN A
      Response
      ris.api.iris.microsoft.com
      IN CNAME
      ris-prod.trafficmanager.net
      ris-prod.trafficmanager.net
      IN CNAME
      asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
      asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
      IN A
      20.234.120.54
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001.a-msedge.net
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      54.120.234.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      54.120.234.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com
      iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com
      IN A
      20.74.47.205
    • flag-us
      DNS
      ris.api.iris.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      ris.api.iris.microsoft.com
      IN A
      Response
      ris.api.iris.microsoft.com
      IN CNAME
      ris-prod.trafficmanager.net
      ris-prod.trafficmanager.net
      IN CNAME
      asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
      asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
      IN A
      20.234.120.54
    • flag-us
      DNS
      205.47.74.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      205.47.74.20.in-addr.arpa
      IN PTR
      Response
    • 52.111.243.29:443
      322 B
      7
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      1.6kB
      8.5kB
      18
      16
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      1.7kB
      8.5kB
      18
      16
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      1.7kB
      8.5kB
      18
      16
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      1.7kB
      8.5kB
      18
      16
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      88.9kB
      2.6MB
      1873
      1869
    • 8.8.8.8:53
      19.229.111.52.in-addr.arpa
      dns
      216 B
      316 B
      3
      2

      DNS Request

      19.229.111.52.in-addr.arpa

      DNS Request

      23.173.189.20.in-addr.arpa

      DNS Request

      23.173.189.20.in-addr.arpa

    • 8.8.8.8:53
      17.179.17.96.in-addr.arpa
      dns
      282 B
      571 B
      4
      3

      DNS Request

      17.179.17.96.in-addr.arpa

      DNS Request

      95.221.229.192.in-addr.arpa

      DNS Request

      ctldl.windowsupdate.com

      DNS Request

      ctldl.windowsupdate.com

      DNS Response

      96.17.179.36
      96.17.179.17
      96.17.179.15
      96.17.179.16
      96.17.179.43
      96.17.179.28

    • 8.8.8.8:53
      36.179.17.96.in-addr.arpa
      dns
      669 B
      1.6kB
      10
      9

      DNS Request

      36.179.17.96.in-addr.arpa

      DNS Request

      login.live.com

      DNS Response

      40.126.53.17
      20.190.181.6
      20.190.181.23
      40.126.53.19
      40.126.53.18
      40.126.53.21
      40.126.53.16
      20.190.181.0

      DNS Request

      ocsp.digicert.com

      DNS Response

      192.229.221.95

      DNS Request

      arc.msn.com

      DNS Response

      20.103.156.88

      DNS Request

      17.53.126.40.in-addr.arpa

      DNS Request

      88.156.103.20.in-addr.arpa

      DNS Request

      arc.msn.com

      DNS Response

      20.103.156.88

      DNS Request

      ris.api.iris.microsoft.com

      DNS Response

      20.234.120.54

      DNS Request

      200.197.79.204.in-addr.arpa

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      334 B
      859 B
      5
      5

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

      DNS Request

      54.120.234.20.in-addr.arpa

      DNS Request

      arc.msn.com

      DNS Response

      20.74.47.205

      DNS Request

      ris.api.iris.microsoft.com

      DNS Response

      20.234.120.54

      DNS Request

      205.47.74.20.in-addr.arpa

    MITRE ATT&CK Matrix
