Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

anyunlock-...up.exe

windows7-x64

10

anyunlock-...up.exe

windows10-2004-x64

5

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...Vs.dll

windows7-x64

3

$PLUGINSDI...Vs.dll

windows10-2004-x64

3

$PLUGINSDI...ib.dll

windows7-x64

1

$PLUGINSDI...ib.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

7

$PLUGINSDI...up.exe

windows10-2004-x64

7

$PLUGINSDIR/nsDui.dll

windows7-x64

3

$PLUGINSDIR/nsDui.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows7-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

$PLUGINSDI...ll.exe

windows7-x64

4

$PLUGINSDI...ll.exe

windows10-2004-x64

5

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...Vs.dll

windows7-x64

3

$PLUGINSDI...Vs.dll

windows10-2004-x64

3

$PLUGINSDI...ib.dll

windows7-x64

1

$PLUGINSDI...ib.dll

windows10-2004-x64

3

$PLUGINSDI...el.dll

windows7-x64

7

$PLUGINSDI...el.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/04/2024, 00:33 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/nsExec.dll

  • Size

    6KB

  • MD5

    ec62e1a8d16d8f1b0eb792aa26e5de5c

  • SHA1

    faa219618aec99cffb81c312728dc56c1fdc5798

  • SHA256

    193d396fc7be5fed9d585de3c43e23d640c1dce725499f0274b3898c248545aa

  • SHA512

    cb3f3458cf734ab7b964ed25cac87ff2938292eed9caae1305b2e5975bde885f4d8b06d05d4099ef614982cd55d97e9ddc0f13bbe2cdd9fb642d008788ed3017

  • SSDEEP

    96:O7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkNp38:/N8KgWAuLWxD8ZAGgmkN

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4984
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
      2⤵
        PID:2632
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 612
          3⤵
          • Program crash
          PID:4124
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2632 -ip 2632
      1⤵
        PID:1868

      Network

      • flag-us
        DNS
        97.17.167.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        97.17.167.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        89.90.14.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        89.90.14.23.in-addr.arpa
        IN PTR
        Response
        89.90.14.23.in-addr.arpa
        IN PTR
        a23-14-90-89deploystaticakamaitechnologiescom
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        206.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        17.14.97.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        17.14.97.104.in-addr.arpa
        IN PTR
        Response
        17.14.97.104.in-addr.arpa
        IN PTR
        a104-97-14-17deploystaticakamaitechnologiescom
      • flag-us
        DNS
        17.14.97.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        17.14.97.104.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        96.90.14.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        96.90.14.23.in-addr.arpa
        IN PTR
        Response
        96.90.14.23.in-addr.arpa
        IN PTR
        a23-14-90-96deploystaticakamaitechnologiescom
      • flag-us
        DNS
        22.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        22.236.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        73.90.14.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.90.14.23.in-addr.arpa
        IN PTR
        Response
        73.90.14.23.in-addr.arpa
        IN PTR
        a23-14-90-73deploystaticakamaitechnologiescom
      No results found
      • 8.8.8.8:53
        97.17.167.52.in-addr.arpa
        dns
        71 B
         145 B
         1
        1

        DNS Request

        97.17.167.52.in-addr.arpa

      • 8.8.8.8:53
        89.90.14.23.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        89.90.14.23.in-addr.arpa

      • 8.8.8.8:53
        26.165.165.52.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        26.165.165.52.in-addr.arpa

      • 8.8.8.8:53
        206.23.85.13.in-addr.arpa
        dns
        71 B
         145 B
         1
        1

        DNS Request

        206.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        17.14.97.104.in-addr.arpa
        dns
        142 B
         135 B
         2
        1

        DNS Request

        17.14.97.104.in-addr.arpa

        DNS Request

        17.14.97.104.in-addr.arpa

      • 8.8.8.8:53
        96.90.14.23.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        96.90.14.23.in-addr.arpa

      • 8.8.8.8:53
        22.236.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        22.236.111.52.in-addr.arpa

      • 8.8.8.8:53
        73.90.14.23.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        73.90.14.23.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.