Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

anyunlock-...up.exe

windows7-x64

7

anyunlock-...up.exe

windows10-2004-x64

7

$PLUGINSDI...Vs.dll

windows7-x64

3

$PLUGINSDI...Vs.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

7

$PLUGINSDI...up.exe

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDIR/setup.exe

windows7-x64

1

$PLUGINSDIR/setup.exe

windows10-2004-x64

1

$PLUGINSDI...ll.exe

windows7-x64

7

$PLUGINSDI...ll.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...Vs.dll

windows7-x64

3

$PLUGINSDI...Vs.dll

windows10-2004-x64

3

$PLUGINSDI...ib.dll

windows7-x64

1

$PLUGINSDI...ib.dll

windows10-2004-x64

3

$PLUGINSDI...el.dll

windows7-x64

7

$PLUGINSDI...el.dll

windows10-2004-x64

7

$PLUGINSDI...tn.dll

windows7-x64

3

$PLUGINSDI...tn.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    66s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    01/05/2024, 13:07 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/BgWorker.dll

  • Size

    2KB

  • MD5

    33ec04738007e665059cf40bc0f0c22b

  • SHA1

    4196759a922e333d9b17bda5369f14c33cd5e3bc

  • SHA256

    50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

  • SHA512

    2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BgWorker.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4856
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BgWorker.dll,#1
      2⤵
        PID:1276
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 604
          3⤵
          • Program crash
          PID:3584
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1276 -ip 1276
      1⤵
        PID:3172

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      No results found
      • 8.8.8.8:53
        g.bing.com
        dns
        280 B
         5

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

      • 8.8.8.8:53
        g.bing.com
        dns
        280 B
         5

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.