Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

d1460e8a7d...e9.dll

windows7-x64

1

d1460e8a7d...e9.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 15:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1460e8a7dde28025d7370deb1b33fb305a8d7d9c43c42692e29619ca753aee9.dll

  • Size

    2.7MB

  • MD5

    586550f0c078a8ccfcced52017ad9103

  • SHA1

    bdc315b83577a0628e8d6f0990003d30b10646e6

  • SHA256

    d1460e8a7dde28025d7370deb1b33fb305a8d7d9c43c42692e29619ca753aee9

  • SHA512

    c72fd9bad16568d83958f60398407c5e569f8f1da90301a010ec878e18cb9672449055821add8e422bbec1b696e79cd8ea8badb37cf9d685e33510dc4f39ef72

  • SSDEEP

    49152:nZQM556V13kZa00o531+4WaZI5Qz9Gl6TKd4Fw8lWRFZWqOq:nZH6V1U1/53Q4WaZIg6P4FwF/fOq

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1460e8a7dde28025d7370deb1b33fb305a8d7d9c43c42692e29619ca753aee9.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4088
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1460e8a7dde28025d7370deb1b33fb305a8d7d9c43c42692e29619ca753aee9.dll,#1
      2⤵
        PID:3816

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De82h_HkhnsvJ7nrCrlIKrsaTVUCUw69Aa756hRmgQQuoFYANxdm2_2LboHU6t9XqsD1zic3T-RvhiPO6X0bgRsdxtafI2ULUsTY8o1L_OBTrbfRNeLZzTv37S9KfHEUNjTzdsyrmXbTaFEq0IvnJ0YLsaNh01bbEeSMxwqjlrLvTQRk0gj%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6f30b2b72e4819a9ca4cd4dfe5600c9e&TIME=20240611T221016Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De82h_HkhnsvJ7nrCrlIKrsaTVUCUw69Aa756hRmgQQuoFYANxdm2_2LboHU6t9XqsD1zic3T-RvhiPO6X0bgRsdxtafI2ULUsTY8o1L_OBTrbfRNeLZzTv37S9KfHEUNjTzdsyrmXbTaFEq0IvnJ0YLsaNh01bbEeSMxwqjlrLvTQRk0gj%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6f30b2b72e4819a9ca4cd4dfe5600c9e&TIME=20240611T221016Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=1417AA03D8896ADB2CDEBE9FD9AE6B83; domain=.bing.com; expires=Mon, 07-Jul-2025 15:37:19 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: FB3BAE6CFF414F6A923C6EBB5004DC8D Ref B: LON04EDGE0711 Ref C: 2024-06-12T15:37:19Z
      date: Wed, 12 Jun 2024 15:37:18 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De82h_HkhnsvJ7nrCrlIKrsaTVUCUw69Aa756hRmgQQuoFYANxdm2_2LboHU6t9XqsD1zic3T-RvhiPO6X0bgRsdxtafI2ULUsTY8o1L_OBTrbfRNeLZzTv37S9KfHEUNjTzdsyrmXbTaFEq0IvnJ0YLsaNh01bbEeSMxwqjlrLvTQRk0gj%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6f30b2b72e4819a9ca4cd4dfe5600c9e&TIME=20240611T221016Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De82h_HkhnsvJ7nrCrlIKrsaTVUCUw69Aa756hRmgQQuoFYANxdm2_2LboHU6t9XqsD1zic3T-RvhiPO6X0bgRsdxtafI2ULUsTY8o1L_OBTrbfRNeLZzTv37S9KfHEUNjTzdsyrmXbTaFEq0IvnJ0YLsaNh01bbEeSMxwqjlrLvTQRk0gj%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6f30b2b72e4819a9ca4cd4dfe5600c9e&TIME=20240611T221016Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1417AA03D8896ADB2CDEBE9FD9AE6B83; _EDGE_S=SID=150D74F5E02C6D151A266069E1866CBA
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=XMnK6BMGG67bA4Is_MZxXOFZwseiQKdmsIUFe2cmmB8; domain=.bing.com; expires=Mon, 07-Jul-2025 15:37:19 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 16521AB169C34FF58A85ED4F4546BA88 Ref B: LON04EDGE0711 Ref C: 2024-06-12T15:37:19Z
      date: Wed, 12 Jun 2024 15:37:19 GMT
    • flag-be
      GET
      https://www.bing.com/aes/c.gif?RG=52a8985051e14f66b26006cbcfe38b3e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221016Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525
      Remote address:
      88.221.83.225:443
      Request
      GET /aes/c.gif?RG=52a8985051e14f66b26006cbcfe38b3e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221016Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1417AA03D8896ADB2CDEBE9FD9AE6B83
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 34BEDE00B67B48FAB4F5510D24E08C31 Ref B: DUS30EDGE0712 Ref C: 2024-06-12T15:37:19Z
      content-length: 0
      date: Wed, 12 Jun 2024 15:37:19 GMT
      set-cookie: _EDGE_S=SID=150D74F5E02C6D151A266069E1866CBA; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=1417AA03D8896ADB2CDEBE9FD9AE6B83; path=/; httponly; expires=Mon, 07-Jul-2025 15:37:19 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.dd53dd58.1718206639.4fc708b
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      71.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      71.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      225.83.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      225.83.221.88.in-addr.arpa
      IN PTR
      Response
      225.83.221.88.in-addr.arpa
      IN PTR
      a88-221-83-225deploystaticakamaitechnologiescom
    • flag-us
      DNS
      105.83.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      105.83.221.88.in-addr.arpa
      IN PTR
      Response
      105.83.221.88.in-addr.arpa
      IN PTR
      a88-221-83-105deploystaticakamaitechnologiescom
    • flag-us
      DNS
      13.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.227.111.52.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De82h_HkhnsvJ7nrCrlIKrsaTVUCUw69Aa756hRmgQQuoFYANxdm2_2LboHU6t9XqsD1zic3T-RvhiPO6X0bgRsdxtafI2ULUsTY8o1L_OBTrbfRNeLZzTv37S9KfHEUNjTzdsyrmXbTaFEq0IvnJ0YLsaNh01bbEeSMxwqjlrLvTQRk0gj%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6f30b2b72e4819a9ca4cd4dfe5600c9e&TIME=20240611T221016Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
      tls, http2
      2.5kB
       9.0kB
       19
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De82h_HkhnsvJ7nrCrlIKrsaTVUCUw69Aa756hRmgQQuoFYANxdm2_2LboHU6t9XqsD1zic3T-RvhiPO6X0bgRsdxtafI2ULUsTY8o1L_OBTrbfRNeLZzTv37S9KfHEUNjTzdsyrmXbTaFEq0IvnJ0YLsaNh01bbEeSMxwqjlrLvTQRk0gj%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6f30b2b72e4819a9ca4cd4dfe5600c9e&TIME=20240611T221016Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De82h_HkhnsvJ7nrCrlIKrsaTVUCUw69Aa756hRmgQQuoFYANxdm2_2LboHU6t9XqsD1zic3T-RvhiPO6X0bgRsdxtafI2ULUsTY8o1L_OBTrbfRNeLZzTv37S9KfHEUNjTzdsyrmXbTaFEq0IvnJ0YLsaNh01bbEeSMxwqjlrLvTQRk0gj%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6f30b2b72e4819a9ca4cd4dfe5600c9e&TIME=20240611T221016Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

      HTTP Response

      204
    • 88.221.83.225:443
      https://www.bing.com/aes/c.gif?RG=52a8985051e14f66b26006cbcfe38b3e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221016Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525
      tls, http2
      1.4kB
       5.3kB
       16
      10

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=52a8985051e14f66b26006cbcfe38b3e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221016Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525

      HTTP Response

      200
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       151 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      71.159.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      71.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      225.83.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      225.83.221.88.in-addr.arpa

    • 8.8.8.8:53
      105.83.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      105.83.221.88.in-addr.arpa

    • 8.8.8.8:53
      13.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      13.227.111.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3816-0-0x0000000074EF0000-0x00000000755EC000-memory.dmp

      Filesize

      7.0MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.