Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/04/2024, 13:36 UTC

General

  • Target

    $PLUGINSDIR/nsDialogs.dll

  • Size

    9KB

  • MD5

    1d8f01a83ddd259bc339902c1d33c8f1

  • SHA1

    9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

  • SHA256

    4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

  • SHA512

    28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

  • SSDEEP

    96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:3556
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
      PID:3124
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 636
        • Program crash
        PID:408
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3124 -ip 3124
    PID:2324

Network

  • DNS  133.211.185.52.in-addr.arpa  (remote address 8.8.8.8:53, US)
    Request: 133.211.185.52.in-addr.arpa IN PTR
    Response:
  • DNS  172.210.232.199.in-addr.arpa  (remote address 8.8.8.8:53, US)
    Request: 172.210.232.199.in-addr.arpa IN PTR
    Response:
  • DNS  14.160.190.20.in-addr.arpa  (remote address 8.8.8.8:53, US)
    Request: 14.160.190.20.in-addr.arpa IN PTR
    Response:
  • DNS  58.55.71.13.in-addr.arpa  (remote address 8.8.8.8:53, US)
    Request: 58.55.71.13.in-addr.arpa IN PTR
    Response:
  • DNS  86.23.85.13.in-addr.arpa  (remote address 8.8.8.8:53, US)
    Request: 86.23.85.13.in-addr.arpa IN PTR
    Response:
  • DNS  15.164.165.52.in-addr.arpa  (remote address 8.8.8.8:53, US)
    Request: 15.164.165.52.in-addr.arpa IN PTR
    Response:
  • DNS  65.139.73.23.in-addr.arpa  (remote address 8.8.8.8:53, US)
    Request: 65.139.73.23.in-addr.arpa IN PTR
    Response: 65.139.73.23.in-addr.arpa IN PTR a23-73-139-65.deploy.static.akamaitechnologies.com
  • DNS  98.56.20.217.in-addr.arpa  (remote address 8.8.8.8:53, US)
    Request: 98.56.20.217.in-addr.arpa IN PTR
    Response:
  • DNS  154.136.73.23.in-addr.arpa  (remote address 8.8.8.8:53, US)
    Request: 154.136.73.23.in-addr.arpa IN PTR
    Response: 154.136.73.23.in-addr.arpa IN PTR a23-73-136-154.deploy.static.akamaitechnologies.com
  • DNS  11.227.111.52.in-addr.arpa  (remote address 8.8.8.8:53, US)
    Request: 11.227.111.52.in-addr.arpa IN PTR
    Response:
  • DNS  15.173.189.20.in-addr.arpa  (remote address 8.8.8.8:53, US)
    Request: 15.173.189.20.in-addr.arpa IN PTR
    Response:
  Connections (remote address, name, protocol, bytes sent, bytes received, counts as reported):

  • 8.8.8.8:53  133.211.185.52.in-addr.arpa  dns  73 B sent, 147 B received  1 / 1
  • 8.8.8.8:53  172.210.232.199.in-addr.arpa  dns  74 B sent, 128 B received  1 / 1
  • 8.8.8.8:53  14.160.190.20.in-addr.arpa  dns  72 B sent, 158 B received  1 / 1
  • 8.8.8.8:53  58.55.71.13.in-addr.arpa  dns  70 B sent, 144 B received  1 / 1
  • 8.8.8.8:53  86.23.85.13.in-addr.arpa  dns  70 B sent, 144 B received  1 / 1
  • 8.8.8.8:53  15.164.165.52.in-addr.arpa  dns  72 B sent, 146 B received  1 / 1
  • 8.8.8.8:53  65.139.73.23.in-addr.arpa  dns  71 B sent, 135 B received  1 / 1
  • 8.8.8.8:53  98.56.20.217.in-addr.arpa  dns  71 B sent, 131 B received  1 / 1
  • 8.8.8.8:53  11.227.111.52.in-addr.arpa  dns  72 B sent, 158 B received  1 / 1
  • 8.8.8.8:53  154.136.73.23.in-addr.arpa  dns  72 B sent, 137 B received  1 / 1
  • 8.8.8.8:53  15.173.189.20.in-addr.arpa  dns  72 B sent, 158 B received  1 / 1

  Each entry is the DNS request for the name shown.
MITRE ATT&CK Matrix
