Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

133ff6b743...50.dll

windows7-x64

1

133ff6b743...50.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 21:28 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    133ff6b7435d3fadbaaccce33d58d650.dll

  • Size

    6KB

  • MD5

    133ff6b7435d3fadbaaccce33d58d650

  • SHA1

    479d4d83c3c70fb6f4b5492de37dbc32696f0c1b

  • SHA256

    d22041d458e9dde8ca700c9f1fa4052af70ebf2529ca2b6ec9851fad5bfb5b53

  • SHA512

    0ddfe7112ee6d655d86ae0fc9a5cde1f742f5d2c2e7618d6a30838e4c4c998a6250cc17b0f492b00e4e1feb17f3d0f98cc34b7c596366e2f37de65b8a406e41d

  • SSDEEP

    48:63mll5YVOa9VUX1iwbQWu01B+BDq9J5SH:VDa9VUX9bQWVB+FqX5SH

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\133ff6b7435d3fadbaaccce33d58d650.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4700
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\133ff6b7435d3fadbaaccce33d58d650.dll,#1
      2⤵
        PID:688

    Network

    • flag-us
      DNS
      228.249.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      228.249.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      23.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      24.139.73.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      24.139.73.23.in-addr.arpa
      IN PTR
      Response
      24.139.73.23.in-addr.arpa
      IN PTR
      a23-73-139-24deploystaticakamaitechnologiescom
    • flag-us
      DNS
      31.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      31.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      225.162.46.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      225.162.46.104.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      228.249.119.40.in-addr.arpa
      dns
      73 B
       159 B
       1
      1

      DNS Request

      228.249.119.40.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      23.159.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      23.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      196.249.167.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      196.249.167.52.in-addr.arpa

    • 8.8.8.8:53
      183.59.114.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      183.59.114.20.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      24.139.73.23.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      24.139.73.23.in-addr.arpa

    • 8.8.8.8:53
      31.243.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      31.243.111.52.in-addr.arpa

    • 8.8.8.8:53
      225.162.46.104.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      225.162.46.104.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.