Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

GamePingBooster.zip

windows10-2004-x64

1

GamePingBo...se.dll

windows10-2004-x64

1

GamePingBo...uf.dll

windows10-2004-x64

1

GamePingBo...op.dll

windows10-2004-x64

1

GamePingBo...up.exe

windows10-2004-x64

10

GamePingBo...en.dll

windows10-2004-x64

1

GamePingBo...te.dll

windows10-2004-x64

1

GamePingBo...ry.dll

windows10-2004-x64

1

GamePingBo...fe.dll

windows10-2004-x64

1

GamePingBo...on.dll

windows10-2004-x64

1

GamePingBo...ty.dll

windows10-2004-x64

1

GamePingBo...lt.zip

windows10-2004-x64

1

settings.json

windows10-2004-x64

3

GamePingBo...rs.zip

windows10-2004-x64

1

win10/arm6...rv.sys

windows10-2004-x64

1

win10/x64/...rv.sys

windows10-2004-x64

1

win10/x64/...rv.sys

windows10-2004-x64

1

win10/x86/...rv.sys

windows10-2004-x64

1

win10/x86/...rv.sys

windows10-2004-x64

1

x64/AdguardNetLib.dll

windows10-2004-x64

1

x64/AdguardNetReg.exe

windows10-2004-x64

1

x64/adgvpn...rv.sys

windows10-2004-x64

1

x64/adgvpn...rv.sys

windows10-2004-x64

1

x86/AdguardNetLib.dll

windows10-2004-x64

1

x86/AdguardNetReg.exe

windows10-2004-x64

1

x86/adgvpn...rv.sys

windows10-2004-x64

1

x86/adgvpn...rv.sys

windows10-2004-x64

1

GamePingBo...un.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/04/2024, 19:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x86/AdguardNetLib.dll

  • Size

    153KB

  • MD5

    9764179c72a035e6ccc29680545fead1

  • SHA1

    045427470197282e40866ca68abf2309d1db07ba

  • SHA256

    455d8b058331f3db8233c7c6823985163a82e3cebb26cac46c3838fcbf7efa86

  • SHA512

    2305f28629d61ca03849388b5e11a7e90838b167188dad0c5f7859510a50c6ac4348f06c6dabcc231a4266c216d917cbcadb55b6d40e540115bd1fc6e058e0d9

  • SSDEEP

    3072:EuaQTk1wgCa7uW+Y+IJE+edVtDvIDBJF0EDQns6fvC9cjo2iwJtsykZHqxO34aGo:wnCa7uW+Y+IJE+edVtbIDBJF0Ecns6yj

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\x86\AdguardNetLib.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:380
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\x86\AdguardNetLib.dll,#1
      2⤵
        PID:2360

    Network

    • flag-us
      DNS
      14.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      249.197.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      249.197.17.2.in-addr.arpa
      IN PTR
      Response
      249.197.17.2.in-addr.arpa
      IN PTR
      a2-17-197-249deploystaticakamaitechnologiescom
    • flag-us
      DNS
      58.99.105.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.99.105.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      21.114.53.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      21.114.53.23.in-addr.arpa
      IN PTR
      Response
      21.114.53.23.in-addr.arpa
      IN PTR
      a23-53-114-21deploystaticakamaitechnologiescom
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      134.71.91.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      134.71.91.104.in-addr.arpa
      IN PTR
      Response
      134.71.91.104.in-addr.arpa
      IN PTR
      a104-91-71-134deploystaticakamaitechnologiescom
    • flag-us
      DNS
      240.197.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.197.17.2.in-addr.arpa
      IN PTR
      Response
      240.197.17.2.in-addr.arpa
      IN PTR
      a2-17-197-240deploystaticakamaitechnologiescom
    • flag-us
      DNS
      19.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      168.117.168.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      168.117.168.52.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      14.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      249.197.17.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      249.197.17.2.in-addr.arpa

    • 8.8.8.8:53
      58.99.105.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      58.99.105.20.in-addr.arpa

    • 8.8.8.8:53
      21.114.53.23.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      21.114.53.23.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      134.71.91.104.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      134.71.91.104.in-addr.arpa

    • 8.8.8.8:53
      240.197.17.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      240.197.17.2.in-addr.arpa

    • 8.8.8.8:53
      19.229.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      19.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      168.117.168.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      168.117.168.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.