Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Masscan Ad...ss.url

windows10-1703-x64

1

Masscan Ad...UI.exe

windows10-1703-x64

1

Masscan Ad...et.dll

windows10-1703-x64

1

Masscan Ad..._3.exe

windows10-1703-x64

7

$PLUGINSDI...ns.dll

windows10-1703-x64

3

$PLUGINSDI...al.ini

windows10-1703-x64

1

$PLUGINSDI...er.bmp

windows10-1703-x64

4

$PLUGINSDI...rd.bmp

windows10-1703-x64

4

$SYSDIR/Packet.dll

windows10-1703-x64

1

$SYSDIR/pthreadVC.dll

windows10-1703-x64

1

$SYSDIR/wpcap.dll

windows10-1703-x64

1

WinPcapInstall.dll

windows10-1703-x64

3

rpcapd.exe

windows10-1703-x64

1

Masscan Ad...ig.ini

windows10-1703-x64

1

Masscan Ad...an.exe

windows10-1703-x64

1

Masscan Ad...00.dll

windows10-1703-x64

3

Masscan Ad...ap.dll

windows10-1703-x64

3

Analysis

  • max time kernel
    316s
  • max time network
    1576s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15/06/2024, 08:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SYSDIR/wpcap.dll

  • Size

    275KB

  • MD5

    4633b298d57014627831ccac89a2c50b

  • SHA1

    e5f449766722c5c25fa02b065d22a854b6a32a5b

  • SHA256

    b967e4dce952f9232592e4c1753516081438702a53424005642700522055dbc9

  • SHA512

    29590fa5f72e6a36f2b72fc2a2cca35ee41554e13c9995198e740608975621142395d4b2e057db4314edf95520fd32aae8db066444d8d8db0fd06c391111c6d3

  • SSDEEP

    6144:E4yIm5rC9WNWwKcNBSCiLvK8+jKgZBwIbg2:jyIm59WwpqCuEKIwv2

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\wpcap.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\wpcap.dll,#1
      2⤵
        PID:2796

    Network

    • flag-us
      DNS
      11.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      12.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      12.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      11.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      11.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      12.173.189.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      12.173.189.20.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2796-0-0x0000000001240000-0x0000000001259000-memory.dmp

      Filesize

      100KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.