Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    125s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 22:04 UTC

General

  • Target

    622f15c89f1c0afaeacdf9672926967820a71c8ef1dbb3e39b28bbb9f238e0b5.dll

  • Size

    3KB

  • MD5

    7be580defb0770da72458a0544047bd1

  • SHA1

    0b4d603e373604547c49c799463a840998570cd0

  • SHA256

    622f15c89f1c0afaeacdf9672926967820a71c8ef1dbb3e39b28bbb9f238e0b5

  • SHA512

    be64671d2203a301646f3633e68b45c7efd7837810f9a9bf9b2a9a0f1f83d5886b0d2a17ba07f198ac9106df5d6b9a7803c94340b5b4b963d1cca0462aa3f97d

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\622f15c89f1c0afaeacdf9672926967820a71c8ef1dbb3e39b28bbb9f238e0b5.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:744
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\622f15c89f1c0afaeacdf9672926967820a71c8ef1dbb3e39b28bbb9f238e0b5.dll,#1
      2⤵
        PID:2356
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1288,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:8
      1⤵
        PID:4808

      Network

      • flag-us
        DNS
        138.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        138.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-nl
        GET
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        Remote address:
        23.62.61.112:443
        Request
        GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
        host: www.bing.com
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-type: image/png
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        content-length: 1107
        date: Fri, 10 May 2024 22:04:30 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.6c3d3e17.1715378670.281402d
      • flag-us
        DNS
        57.169.31.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        57.169.31.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        112.61.62.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        112.61.62.23.in-addr.arpa
        IN PTR
        Response
        112.61.62.23.in-addr.arpa
        IN PTR
        a23-62-61-112deploystaticakamaitechnologiescom
      • flag-us
        DNS
        86.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        86.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        171.39.242.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        171.39.242.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        24.121.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        24.121.18.2.in-addr.arpa
        IN PTR
        Response
        24.121.18.2.in-addr.arpa
        IN PTR
        a2-18-121-24deploystaticakamaitechnologiescom
      • flag-us
        DNS
        13.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.227.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        63.141.182.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        63.141.182.52.in-addr.arpa
        IN PTR
        Response
      • 23.62.61.112:443
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        tls, http2
        1.5kB
        6.3kB
        17
        11

        HTTP Request

        GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

        HTTP Response

        200
      • 8.8.8.8:53
        138.32.126.40.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        138.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
        128 B
        1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        112.61.62.23.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        112.61.62.23.in-addr.arpa

      • 8.8.8.8:53
        57.169.31.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        57.169.31.20.in-addr.arpa

      • 8.8.8.8:53
        86.23.85.13.in-addr.arpa
        dns
        70 B
        144 B
        1
        1

        DNS Request

        86.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        171.39.242.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        171.39.242.20.in-addr.arpa

      • 8.8.8.8:53
        24.121.18.2.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        24.121.18.2.in-addr.arpa

      • 8.8.8.8:53
        13.227.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        13.227.111.52.in-addr.arpa

      • 8.8.8.8:53
        240.221.184.93.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        240.221.184.93.in-addr.arpa

      • 8.8.8.8:53
        63.141.182.52.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        63.141.182.52.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.