Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Bunifu.Licensing.dll

windows10-2004-x64

Bunifu.UI.....3.dll

windows10-2004-x64

1

Bunifu.UI....on.dll

windows10-2004-x64

1

Bunifu.UI....ox.dll

windows10-2004-x64

1

Bunifu.UI....ss.dll

windows10-2004-x64

1

Bunifu.UI....on.dll

windows10-2004-x64

1

Bunifu.UI....ew.dll

windows10-2004-x64

1

Bunifu.UI....er.dll

windows10-2004-x64

1

Bunifu.UI....wn.dll

windows10-2004-x64

1

Bunifu.UI....ck.dll

windows10-2004-x64

7

Bunifu.UI....ge.dll

windows10-2004-x64

1

Bunifu.UI....el.dll

windows10-2004-x64

1

Bunifu.UI....ox.dll

windows10-2004-x64

1

Bunifu.UI....on.dll

windows10-2004-x64

1

Bunifu.UI....el.dll

windows10-2004-x64

1

Bunifu.UI....es.dll

windows10-2004-x64

1

Bunifu.UI....el.dll

windows10-2004-x64

1

Bunifu.UI....ox.dll

windows10-2004-x64

1

Bunifu.UI....ar.dll

windows10-2004-x64

1

Bunifu.UI....on.dll

windows10-2004-x64

1

Bunifu.UI....ng.dll

windows10-2004-x64

1

Bunifu.UI....ar.dll

windows10-2004-x64

1

Bunifu.UI....or.dll

windows10-2004-x64

1

Bunifu.UI....el.dll

windows10-2004-x64

1

Bunifu.UI....es.dll

windows10-2004-x64

1

Bunifu.UI....er.dll

windows10-2004-x64

1

Bunifu.UI....ar.dll

windows10-2004-x64

1

Bunifu.UI....ox.dll

windows10-2004-x64

1

Bunifu.UI....ch.dll

windows10-2004-x64

1

Bunifu.UI....ip.dll

windows10-2004-x64

1

Bunifu.UI....on.dll

windows10-2004-x64

1

Bunifu.UI....ol.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 16:22 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bunifu.UI.WinForms.BunifuFormDock.dll

  • Size

    102KB

  • MD5

    fff8d46f94011c5bfa4bc1d1fbde3eaa

  • SHA1

    c5e978eb89e9646423c3b2a1d7d2651cdbee90f0

  • SHA256

    f8052b4641fea785ef643bc06d0e5383555c0845bbe695099bc41ab09a180ef6

  • SHA512

    61af0253c05bd33d43d34799eb74d97ae9e3e700281273895026d690f39e3de97034ee51511284a4b6a4150d31977f7ac6fbf4047aa19825564a15eae8be079a

  • SSDEEP

    3072:wVypYUOJdOb8UD8m1PxGFXflE2BHjvZKDq6CN:wVypYUSXdbBjvZKDq1N

Score
7/10
agilenet

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 8 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Bunifu.UI.WinForms.BunifuFormDock.dll,#1
    1⤵
      PID:5004
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4228
      • C:\Users\Admin\AppData\Local\Temp\Umbral.builder.exe
        "C:\Users\Admin\AppData\Local\Temp\Umbral.builder.exe"
        1⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:368

      Network

      • flag-us
        DNS
        74.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        74.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        79.190.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        79.190.18.2.in-addr.arpa
        IN PTR
        Response
        79.190.18.2.in-addr.arpa
        IN PTR
        a2-18-190-79deploystaticakamaitechnologiescom
      • flag-be
        GET
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        Remote address:
        2.17.107.128:443
        Request
        GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
        host: www.bing.com
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-type: image/png
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QWthbWFp
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        content-length: 1107
        date: Fri, 10 May 2024 16:23:12 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.7c6b1102.1715358192.4e6d168
      • flag-us
        DNS
        128.107.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        128.107.17.2.in-addr.arpa
        IN PTR
        Response
        128.107.17.2.in-addr.arpa
        IN PTR
        a2-17-107-128deploystaticakamaitechnologiescom
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        50.23.12.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        50.23.12.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        24.121.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        24.121.18.2.in-addr.arpa
        IN PTR
        Response
        24.121.18.2.in-addr.arpa
        IN PTR
        a2-18-121-24deploystaticakamaitechnologiescom
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        31.243.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        31.243.111.52.in-addr.arpa
        IN PTR
        Response
      • 2.17.107.128:443
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        tls, http2
        1.4kB
         6.3kB
         16
        11

        HTTP Request

        GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

        HTTP Response

        200
      • 8.8.8.8:53
        74.32.126.40.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        74.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        79.190.18.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        79.190.18.2.in-addr.arpa

      • 8.8.8.8:53
        128.107.17.2.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        128.107.17.2.in-addr.arpa

      • 8.8.8.8:53
        198.187.3.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        198.187.3.20.in-addr.arpa

      • 8.8.8.8:53
        50.23.12.20.in-addr.arpa
        dns
        70 B
         156 B
         1
        1

        DNS Request

        50.23.12.20.in-addr.arpa

      • 8.8.8.8:53
        24.121.18.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        24.121.18.2.in-addr.arpa

      • 8.8.8.8:53
        240.221.184.93.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        240.221.184.93.in-addr.arpa

      • 8.8.8.8:53
        31.243.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        31.243.111.52.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/368-0-0x00007FF83FC33000-0x00007FF83FC35000-memory.dmp

        Filesize

        8KB

        Download

      • memory/368-1-0x000001A24B220000-0x000001A24B242000-memory.dmp

        Filesize

        136KB

        Download

      • memory/368-2-0x000001A24B6B0000-0x000001A24B6D0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/368-3-0x000001A24B6D0000-0x000001A24B6F0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/368-4-0x000001A265770000-0x000001A2657DE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/368-7-0x000001A24CFC0000-0x000001A24CFD0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/368-6-0x000001A2659E0000-0x000001A265A3A000-memory.dmp

        Filesize

        360KB

        Download

      • memory/368-5-0x000001A24B6F0000-0x000001A24B6FE000-memory.dmp

        Filesize

        56KB

        Download

      • memory/368-8-0x000001A2656D0000-0x000001A2656EE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/368-9-0x00007FF83FC30000-0x00007FF8406F1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/368-10-0x000001A265B90000-0x000001A265CDA000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/368-11-0x000001A265A40000-0x000001A265B56000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/368-12-0x000001A24CFD0000-0x000001A24D000000-memory.dmp

        Filesize

        192KB

        Download

      • memory/368-13-0x00007FF83FC30000-0x00007FF8406F1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/368-14-0x00007FF83FC30000-0x00007FF8406F1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/368-15-0x00007FF83FC33000-0x00007FF83FC35000-memory.dmp

        Filesize

        8KB

        Download

      • memory/368-16-0x00007FF83FC30000-0x00007FF8406F1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/368-17-0x00007FF83FC30000-0x00007FF8406F1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/368-18-0x00007FF83FC30000-0x00007FF8406F1000-memory.dmp

        Filesize

        10.8MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.