
Analysis

  • max time kernel
    594s
  • max time network
    600s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    03/06/2024, 21:49 UTC

General

  • Target

    $PLUGINSDIR/System.dll

  • Size

    12KB

  • MD5

    cff85c549d536f651d4fb8387f1976f2

  • SHA1

    d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

  • SHA256

    8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

  • SHA512

    531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

  • SSDEEP

    192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

Score
3/10

Malware Config

Signatures

  • Program crash (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe (PID 1512)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
    Signature: Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (PID 2076)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
      • C:\Windows\SysWOW64\WerFault.exe (PID 3368)
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 612
        Signature: Program crash
  • C:\Windows\SysWOW64\WerFault.exe (PID 1148)
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2076 -ip 2076
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4944)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4132,i,394370223929890652,966505792817799439,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:8
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4080)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4776,i,394370223929890652,966505792817799439,262144 --variations-seed-version --mojo-platform-channel-handle=1068 /prefetch:8

Network

All DNS queries below were sent to 8.8.8.8:53. Entries listed with no answer received no response records during the analysis window.

  • DNS PTR 8.8.8.8.in-addr.arpa
    Response: dns.google
  • DNS PTR 149.220.183.52.in-addr.arpa
    Response: (no answer)
  • DNS PTR 240.197.17.2.in-addr.arpa
    Response: a2-17-197-240.deploy.static.akamaitechnologies.com
  • DNS PTR 23.159.190.20.in-addr.arpa
    Response: (no answer)
  • DNS PTR 183.142.211.20.in-addr.arpa
    Response: (no answer)
  • DNS PTR 133.211.185.52.in-addr.arpa
    Response: (no answer)
  • DNS PTR 86.23.85.13.in-addr.arpa
    Response: (no answer)
  • DNS PTR 206.23.85.13.in-addr.arpa
    Response: (no answer)
  • DNS PTR 30.243.111.52.in-addr.arpa
    Response: (no answer)
  • DNS PTR 249.197.17.2.in-addr.arpa
    Response: a2-17-197-249.deploy.static.akamaitechnologies.com
  • DNS PTR 43.58.199.20.in-addr.arpa
    Response: (no answer)
  • DNS A tse1.mm.bing.net
    Response:
      tse1.mm.bing.net                   CNAME  mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net  CNAME  dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net           A      204.79.197.200
      dual-a-0001.a-msedge.net           A      13.107.21.200

  • HTTP GET https://tse1.mm.bing.net/th?id=OADD2.10239354941507_1IKXGMO7QA3RV5DUV&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address: 204.79.197.200:443
    Request
      GET /th?id=OADD2.10239354941507_1IKXGMO7QA3RV5DUV&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 532928
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 113C846541B149398B6B9DB1E437BC72 Ref B: LON04EDGE1111 Ref C: 2024-06-03T22:25:50Z
      date: Mon, 03 Jun 2024 22:25:50 GMT
  • HTTP GET https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address: 204.79.197.200:443
    Request and response headers identical to the first GET above (same host, accept, accept-encoding and user-agent; same HTTP/2.0 200 response headers and date), differing only in:
      content-length: 468637
      x-msedge-ref: Ref A: 82749B6AD3084F1CBA6E13A779050A23 Ref B: LON04EDGE1111 Ref C: 2024-06-03T22:25:50Z
  • HTTP GET https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address: 204.79.197.200:443
    Request and response headers identical to the first GET above, differing only in:
      content-length: 449656
      x-msedge-ref: Ref A: 24045E09BA0F45E3B789BF557B3F2020 Ref B: LON04EDGE1111 Ref C: 2024-06-03T22:25:50Z
  • HTTP GET https://tse1.mm.bing.net/th?id=OADD2.10239354941506_108VQJ4IWCAUQROCX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address: 204.79.197.200:443
    Request and response headers identical to the first GET above, differing only in:
      content-length: 533476
      x-msedge-ref: Ref A: 4739CEC42BE944D9A8EB8C54B45C9CC2 Ref B: LON04EDGE1111 Ref C: 2024-06-03T22:25:50Z
  • DNS PTR 17.173.189.20.in-addr.arpa
    Response: (no answer)
Connections

The two unlabelled byte and packet figures per connection are reproduced in the order the report gave them.

  Remote address       Host / query                                           Protocol     Bytes            Packets
  204.79.197.200:443   tse1.mm.bing.net                                       tls, http2   1.2kB / 8.1kB    16 / 14
  204.79.197.200:443   https://tse1.mm.bing.net/th?id=OADD2.10239354941506_108VQJ4IWCAUQROCX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                                                              tls, http2   72.4kB / 2.1MB   1502 / 1499
                       (carried the four GET /th?... requests listed above; each returned HTTP 200)
  204.79.197.200:443   tse1.mm.bing.net                                       tls, http2   1.2kB / 8.1kB    16 / 14
  204.79.197.200:443   tse1.mm.bing.net                                       tls, http2   1.2kB / 8.1kB    16 / 14
  8.8.8.8:53           8.8.8.8.in-addr.arpa                                   dns          66 B / 90 B      1 / 1
  8.8.8.8:53           149.220.183.52.in-addr.arpa                            dns          73 B / 147 B     1 / 1
  8.8.8.8:53           240.197.17.2.in-addr.arpa                              dns          71 B / 135 B     1 / 1
  8.8.8.8:53           23.159.190.20.in-addr.arpa                             dns          72 B / 158 B     1 / 1
  8.8.8.8:53           183.142.211.20.in-addr.arpa                            dns          73 B / 159 B     1 / 1
  8.8.8.8:53           133.211.185.52.in-addr.arpa                            dns          73 B / 147 B     1 / 1
  8.8.8.8:53           86.23.85.13.in-addr.arpa                               dns          70 B / 144 B     1 / 1
  8.8.8.8:53           206.23.85.13.in-addr.arpa                              dns          71 B / 145 B     1 / 1
  8.8.8.8:53           30.243.111.52.in-addr.arpa                             dns          72 B / 158 B     1 / 1
  8.8.8.8:53           249.197.17.2.in-addr.arpa                              dns          71 B / 135 B     1 / 1
  8.8.8.8:53           43.58.199.20.in-addr.arpa                              dns          71 B / 157 B     1 / 1
  8.8.8.8:53           tse1.mm.bing.net                                       dns          62 B / 173 B     1 / 1
                       (DNS response: 204.79.197.200, 13.107.21.200)
  8.8.8.8:53           17.173.189.20.in-addr.arpa                             dns          72 B / 158 B     1 / 1
