Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

bVPN_1_7_0_setup.exe

windows10-2004-x64

8

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

QtCore4.dll

windows10-2004-x64

3

QtGui4.dll

windows10-2004-x64

3

QtNetwork4.dll

windows10-2004-x64

3

bvpn.exe

windows10-2004-x64

1

debug_helper.exe

windows10-2004-x64

1

iwasel_pro...er.exe

windows10-2004-x64

1

libeay32.dll

windows10-2004-x64

1

msvcp100.dll

windows10-2004-x64

3

msvcr100.dll

windows10-2004-x64

3

openvpn/libeay32.dll

windows10-2004-x64

1

openvpn/li...-1.dll

windows10-2004-x64

3

openvpn/libssl32.dll

windows10-2004-x64

1

openvpn/lzo2.dll

windows10-2004-x64

1

openvpn/msvcr90.dll

windows10-2004-x64

1

openvpn/openvpn.exe

windows10-2004-x64

1

openvpn/ssleay32.dll

windows10-2004-x64

1

openvpn/ta...01.sys

windows10-2004-x64

1

openvpn/ta...ll.exe

windows10-2004-x64

1

openvpn/ta...01.sys

windows10-2004-x64

1

openvpn/ta...ll.exe

windows10-2004-x64

1

plugins/im...o4.dll

windows10-2004-x64

1

qjson0.dll

windows10-2004-x64

3

qssh2.dll

windows10-2004-x64

3

quazip.dll

windows10-2004-x64

3

ssleay32.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    1784s
  • max time network
    1178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/04/2024, 19:58 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QtNetwork4.dll

  • Size

    1010KB

  • MD5

    91ecdb5de396a4a61cd1bbb974a8b00f

  • SHA1

    6639f7aa4ea1747b6f03e59b8fdd114655fd32a9

  • SHA256

    56112b07ad93b8f21d0d9111bfbc759e4bd4ee2253a727a26c3c6f1d2d4aeec8

  • SHA512

    068b8d42fd4e832435694ca54ef73ec0d5e2f555323245c7dc7ab26633628dd2bb07fb9d809e7a75ebed8d237db4c6a1cf92ba15f5c916ebde4050ce14d18db7

  • SSDEEP

    12288:PB2v5dX/m5jrPtkEPSkxqLzZjNO+W0Ga+ECj2YiTPdb4w9S1LI+RTBGEF:PiX/m7k+m9jNOYPCITPdb1S1LI0

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\QtNetwork4.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3604
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\QtNetwork4.dll,#1
      2⤵
        PID:3696
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 652
          3⤵
          • Program crash
          PID:4648
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3696 -ip 3696
      1⤵
        PID:3736

      Network

      • flag-us
        DNS
        75.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        75.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        75.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        75.159.190.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00308e70bb07403fa2b0b6c81a97ae01&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00308e70bb07403fa2b0b6c81a97ae01&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=3CEFB20BF79061090D69A66AF6B76027; domain=.bing.com; expires=Fri, 09-May-2025 19:59:39 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 445D2A0C81074EC8811AFC9C3C697B2B Ref B: LON04EDGE0707 Ref C: 2024-04-14T19:59:39Z
        date: Sun, 14 Apr 2024 19:59:39 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=00308e70bb07403fa2b0b6c81a97ae01&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=00308e70bb07403fa2b0b6c81a97ae01&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3CEFB20BF79061090D69A66AF6B76027
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=QjumtXPfEcZKZcDzmX4TlE7l1B0x3SnEEa-GH9d7O3k; domain=.bing.com; expires=Fri, 09-May-2025 19:59:40 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 17A278A1597C49E088A396DB79613087 Ref B: LON04EDGE0707 Ref C: 2024-04-14T19:59:40Z
        date: Sun, 14 Apr 2024 19:59:40 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00308e70bb07403fa2b0b6c81a97ae01&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00308e70bb07403fa2b0b6c81a97ae01&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3CEFB20BF79061090D69A66AF6B76027; MSPTC=QjumtXPfEcZKZcDzmX4TlE7l1B0x3SnEEa-GH9d7O3k
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 47983A266D2D4CE5A44748C9A484FDC6 Ref B: LON04EDGE0707 Ref C: 2024-04-14T19:59:40Z
        date: Sun, 14 Apr 2024 19:59:40 GMT
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        21.114.53.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.114.53.23.in-addr.arpa
        IN PTR
        Response
        21.114.53.23.in-addr.arpa
        IN PTR
        a23-53-114-21deploystaticakamaitechnologiescom
      • flag-us
        DNS
        55.36.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        55.36.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        55.36.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        55.36.223.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        183.59.114.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.59.114.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        15.164.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        15.164.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        31.121.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        31.121.18.2.in-addr.arpa
        IN PTR
        Response
        31.121.18.2.in-addr.arpa
        IN PTR
        a2-18-121-31deploystaticakamaitechnologiescom
      • flag-us
        DNS
        48.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        48.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.16.208.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.16.208.104.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00308e70bb07403fa2b0b6c81a97ae01&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=
        tls, http2
        2.3kB
         9.7kB
         23
        18

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00308e70bb07403fa2b0b6c81a97ae01&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=00308e70bb07403fa2b0b6c81a97ae01&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00308e70bb07403fa2b0b6c81a97ae01&localId=w:19F07DA7-5FDD-B751-CD70-D7618FCDFF22&deviceId=6755467521684215&anid=

        HTTP Response

        204
      • 8.8.8.8:53
        75.159.190.20.in-addr.arpa
        dns
        144 B
         158 B
         2
        1

        DNS Request

        75.159.190.20.in-addr.arpa

        DNS Request

        75.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        112 B
         151 B
         2
        1

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        241.154.82.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        241.154.82.20.in-addr.arpa

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns
        73 B
         143 B
         1
        1

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        21.114.53.23.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        21.114.53.23.in-addr.arpa

      • 8.8.8.8:53
        55.36.223.20.in-addr.arpa
        dns
        142 B
         157 B
         2
        1

        DNS Request

        55.36.223.20.in-addr.arpa

        DNS Request

        55.36.223.20.in-addr.arpa

      • 8.8.8.8:53
        183.59.114.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        183.59.114.20.in-addr.arpa

      • 8.8.8.8:53
        15.164.165.52.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        15.164.165.52.in-addr.arpa

      • 8.8.8.8:53
        31.121.18.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        31.121.18.2.in-addr.arpa

      • 8.8.8.8:53
        48.229.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        48.229.111.52.in-addr.arpa

      • 8.8.8.8:53
        95.16.208.104.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        95.16.208.104.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.