Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

43eb4efd4c...18.exe

windows7-x64

7

43eb4efd4c...18.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...c3.dll

windows7-x64

3

$PLUGINSDI...c3.dll

windows10-2004-x64

3

$PLUGINSDI...te.dll

windows7-x64

3

$PLUGINSDI...te.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...it.dll

windows7-x64

3

$PLUGINSDI...it.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    125s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2024, 01:13 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/nsDialogs.dll

  • Size

    9KB

  • MD5

    c10e04dd4ad4277d5adc951bb331c777

  • SHA1

    b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

  • SHA256

    e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

  • SHA512

    853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

  • SSDEEP

    96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
      2⤵
        PID:4372
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 636
          3⤵
          • Program crash
          PID:4980
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4372 -ip 4372
      1⤵
        PID:3676
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4272,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:8
        1⤵
          PID:2812

        Network

        • flag-us
          DNS
          g.bing.com
          Remote address:
          8.8.8.8:53
          Request
          g.bing.com
          IN A
          Response
          g.bing.com
          IN CNAME
          g-bing-com.dual-a-0034.a-msedge.net
          g-bing-com.dual-a-0034.a-msedge.net
          IN CNAME
          dual-a-0034.a-msedge.net
          dual-a-0034.a-msedge.net
          IN A
          204.79.197.237
          dual-a-0034.a-msedge.net
          IN A
          13.107.21.237
        • flag-us
          GET
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e89338a4dee44b11a65b99a82bb831bc&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=
          Remote address:
          204.79.197.237:443
          Request
          GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e89338a4dee44b11a65b99a82bb831bc&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          set-cookie: MUID=00CF238DD305638A1D63370DD2BE62D4; domain=.bing.com; expires=Mon, 09-Jun-2025 01:13:20 GMT; path=/; SameSite=None; Secure; Priority=High;
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: DD6C489B3C304C4FB8AE42FA8656FFF2 Ref B: LON04EDGE0816 Ref C: 2024-05-15T01:13:20Z
          date: Wed, 15 May 2024 01:13:19 GMT
        • flag-us
          GET
          https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e89338a4dee44b11a65b99a82bb831bc&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=
          Remote address:
          204.79.197.237:443
          Request
          GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e89338a4dee44b11a65b99a82bb831bc&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          cookie: MUID=00CF238DD305638A1D63370DD2BE62D4
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          set-cookie: MSPTC=0A3p8ldP7OMcOrbNrH2NUZ5zfFqTURiX3sFfuu5aQIo; domain=.bing.com; expires=Mon, 09-Jun-2025 01:13:20 GMT; path=/; Partitioned; secure; SameSite=None
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: DCDD00F46BEE4729BEB61F38C36EB0C3 Ref B: LON04EDGE0816 Ref C: 2024-05-15T01:13:20Z
          date: Wed, 15 May 2024 01:13:19 GMT
        • flag-us
          GET
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e89338a4dee44b11a65b99a82bb831bc&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=
          Remote address:
          204.79.197.237:443
          Request
          GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e89338a4dee44b11a65b99a82bb831bc&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          cookie: MUID=00CF238DD305638A1D63370DD2BE62D4; MSPTC=0A3p8ldP7OMcOrbNrH2NUZ5zfFqTURiX3sFfuu5aQIo
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: F283BC5FE008419CB7A5487EA10EB68B Ref B: LON04EDGE0816 Ref C: 2024-05-15T01:13:20Z
          date: Wed, 15 May 2024 01:13:19 GMT
        • flag-us
          DNS
          8.8.8.8.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          8.8.8.8.in-addr.arpa
          IN PTR
          Response
          8.8.8.8.in-addr.arpa
          IN PTR
          dnsgoogle
        • flag-us
          DNS
          17.160.190.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          17.160.190.20.in-addr.arpa
          IN PTR
          Response
        • flag-nl
          GET
          https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
          Remote address:
          23.62.61.194:443
          Request
          GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
          host: www.bing.com
          accept: */*
          cookie: MUID=00CF238DD305638A1D63370DD2BE62D4; MSPTC=0A3p8ldP7OMcOrbNrH2NUZ5zfFqTURiX3sFfuu5aQIo
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-type: image/png
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          content-length: 1107
          date: Wed, 15 May 2024 01:13:21 GMT
          alt-svc: h3=":443"; ma=93600
          x-cdn-traceid: 0.be3d3e17.1715735601.9cf132b
        • flag-us
          DNS
          172.210.232.199.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          172.210.232.199.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          237.197.79.204.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          237.197.79.204.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          194.61.62.23.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          194.61.62.23.in-addr.arpa
          IN PTR
          Response
          194.61.62.23.in-addr.arpa
          IN PTR
          a23-62-61-194deploystaticakamaitechnologiescom
        • flag-us
          DNS
          26.165.165.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          26.165.165.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          198.187.3.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          198.187.3.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          14.227.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          14.227.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          77.190.18.2.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          77.190.18.2.in-addr.arpa
          IN PTR
          Response
          77.190.18.2.in-addr.arpa
          IN PTR
          a2-18-190-77deploystaticakamaitechnologiescom
        • 204.79.197.237:443
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e89338a4dee44b11a65b99a82bb831bc&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=
          tls, http2
          2.0kB
           9.2kB
           22
          19

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e89338a4dee44b11a65b99a82bb831bc&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=

          HTTP Response

          204

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e89338a4dee44b11a65b99a82bb831bc&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=

          HTTP Response

          204

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e89338a4dee44b11a65b99a82bb831bc&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=

          HTTP Response

          204
        • 23.62.61.194:443
          https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
          tls, http2
          1.5kB
           6.4kB
           16
          12

          HTTP Request

          GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

          HTTP Response

          200
        • 8.8.8.8:53
          g.bing.com
          dns
          56 B
           151 B
           1
          1

          DNS Request

          g.bing.com

          DNS Response

          204.79.197.237
          13.107.21.237

        • 8.8.8.8:53
          8.8.8.8.in-addr.arpa
          dns
          66 B
           90 B
           1
          1

          DNS Request

          8.8.8.8.in-addr.arpa

        • 8.8.8.8:53
          17.160.190.20.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          17.160.190.20.in-addr.arpa

        • 8.8.8.8:53
          172.210.232.199.in-addr.arpa
          dns
          74 B
           128 B
           1
          1

          DNS Request

          172.210.232.199.in-addr.arpa

        • 8.8.8.8:53
          237.197.79.204.in-addr.arpa
          dns
          73 B
           143 B
           1
          1

          DNS Request

          237.197.79.204.in-addr.arpa

        • 8.8.8.8:53
          194.61.62.23.in-addr.arpa
          dns
          71 B
           135 B
           1
          1

          DNS Request

          194.61.62.23.in-addr.arpa

        • 8.8.8.8:53
          26.165.165.52.in-addr.arpa
          dns
          72 B
           146 B
           1
          1

          DNS Request

          26.165.165.52.in-addr.arpa

        • 8.8.8.8:53
          198.187.3.20.in-addr.arpa
          dns
          71 B
           157 B
           1
          1

          DNS Request

          198.187.3.20.in-addr.arpa

        • 8.8.8.8:53
          14.227.111.52.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          14.227.111.52.in-addr.arpa

        • 8.8.8.8:53
          77.190.18.2.in-addr.arpa
          dns
          70 B
           133 B
           1
          1

          DNS Request

          77.190.18.2.in-addr.arpa

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.