
Resubmissions

  • 03/07/2024, 02:51 UTC  240703-dcfrmatepc  score 10
  • 03/07/2024, 02:39 UTC  240703-c5h7satbkh  score 8
  • 19/06/2024, 01:29 UTC  240619-bv78gswajp  score 10
  • 19/06/2024, 01:23 UTC  240619-brv4ravhkp  score 7

Analysis

  • max time kernel
    134s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/06/2024, 01:29 UTC

General

  • Target

    $PLUGINSDIR/System.dll

  • Size

    12KB

  • MD5

    4add245d4ba34b04f213409bfe504c07

  • SHA1

    ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

  • SHA256

    9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

  • SHA512

    1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

  • SSDEEP

    192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:464
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
      2⤵
      PID:4032
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 612
        3⤵
        • Program crash
        PID:4352
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4032 -ip 4032
    1⤵
    PID:2128
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:2556

Network

  • US  DNS  28.118.140.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 28.118.140.52.in-addr.arpa IN PTR
    Response:
  • US  DNS  172.210.232.199.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 172.210.232.199.in-addr.arpa IN PTR
    Response:
  • US  DNS  72.32.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 72.32.126.40.in-addr.arpa IN PTR
    Response:
  • US  DNS  157.123.68.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 157.123.68.40.in-addr.arpa IN PTR
    Response:
  • US  DNS  31.121.18.2.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 31.121.18.2.in-addr.arpa IN PTR
    Response: 31.121.18.2.in-addr.arpa IN PTR a2-18-121-31.deploy.static.akamaitechnologies.com
  • US  DNS  171.39.242.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 171.39.242.20.in-addr.arpa IN PTR
    Response:
  • US  DNS  240.221.184.93.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 240.221.184.93.in-addr.arpa IN PTR
    Response:
  • US  DNS  23.236.111.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 23.236.111.52.in-addr.arpa IN PTR
    Response:
  • US  DNS  chromewebstore.googleapis.com
    Remote address: 8.8.8.8:53
    Request: chromewebstore.googleapis.com IN A
    Response: chromewebstore.googleapis.com IN A
      142.250.180.10
      172.217.16.234
      142.250.187.202
      216.58.201.106
      216.58.213.10
      142.250.179.234
      142.250.200.42
      142.250.178.10
      216.58.212.234
      216.58.212.202
      172.217.169.42
      172.217.169.10
      142.250.200.10
      216.58.204.74
      142.250.187.234
  • US  DNS  chromewebstore.googleapis.com
    Remote address: 8.8.8.8:53
    Request: chromewebstore.googleapis.com IN Unknown
    Response:
  • US  DNS  122.10.44.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 122.10.44.20.in-addr.arpa IN PTR
    Response:

  • 142.250.180.10:443  chromewebstore.googleapis.com  tls  1.9kB  7.9kB  15  16
  • 8.8.8.8:53  28.118.140.52.in-addr.arpa  dns  72 B  158 B  1  1
    DNS Request: 28.118.140.52.in-addr.arpa
  • 8.8.8.8:53  172.210.232.199.in-addr.arpa  dns  74 B  128 B  1  1
    DNS Request: 172.210.232.199.in-addr.arpa
  • 8.8.8.8:53  72.32.126.40.in-addr.arpa  dns  71 B  157 B  1  1
    DNS Request: 72.32.126.40.in-addr.arpa
  • 8.8.8.8:53  157.123.68.40.in-addr.arpa  dns  72 B  146 B  1  1
    DNS Request: 157.123.68.40.in-addr.arpa
  • 8.8.8.8:53  171.39.242.20.in-addr.arpa  dns  72 B  158 B  1  1
    DNS Request: 171.39.242.20.in-addr.arpa
  • 8.8.8.8:53  31.121.18.2.in-addr.arpa  dns  70 B  133 B  1  1
    DNS Request: 31.121.18.2.in-addr.arpa
  • 8.8.8.8:53  240.221.184.93.in-addr.arpa  dns  73 B  144 B  1  1
    DNS Request: 240.221.184.93.in-addr.arpa
  • 8.8.8.8:53  23.236.111.52.in-addr.arpa  dns  72 B  158 B  1  1
    DNS Request: 23.236.111.52.in-addr.arpa
  • 8.8.8.8:53  chromewebstore.googleapis.com  dns  75 B  315 B  1  1
    DNS Request: chromewebstore.googleapis.com
    DNS Response:
      142.250.180.10
      172.217.16.234
      142.250.187.202
      216.58.201.106
      216.58.213.10
      142.250.179.234
      142.250.200.42
      142.250.178.10
      216.58.212.234
      216.58.212.202
      172.217.169.42
      172.217.169.10
      142.250.200.10
      216.58.204.74
      142.250.187.234
  • 8.8.8.8:53  chromewebstore.googleapis.com  dns  75 B  132 B  1  1
    DNS Request: chromewebstore.googleapis.com
  • 8.8.8.8:53  122.10.44.20.in-addr.arpa  dns  71 B  145 B  1  1
    DNS Request: 122.10.44.20.in-addr.arpa
MITRE ATT&CK Matrix

Downloads