Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

088a5597c2...18.exe

windows7-x64

7

088a5597c2...18.exe

windows10-2004-x64

7

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...AC.dll

windows7-x64

1

$PLUGINSDI...AC.dll

windows10-2004-x64

1

$PLUGINSDI....0.dll

windows7-x64

1

$PLUGINSDI....0.dll

windows10-2004-x64

1

$PLUGINSDI...VC.dll

windows7-x64

1

$PLUGINSDI...VC.dll

windows10-2004-x64

1

$PLUGINSDI...np.dll

windows7-x64

3

$PLUGINSDI...np.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...us.dll

windows7-x64

3

$PLUGINSDI...us.dll

windows10-2004-x64

3

$PLUGINSDI...CE.dll

windows7-x64

1

$PLUGINSDI...CE.dll

windows10-2004-x64

1

$PLUGINSDI...el.dll

windows7-x64

1

$PLUGINSDI...el.dll

windows10-2004-x64

1

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDIR/Live.dll

windows7-x64

1

$PLUGINSDIR/Live.dll

windows10-2004-x64

1

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...le.dll

windows7-x64

1

$PLUGINSDI...le.dll

windows10-2004-x64

1

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDIR/PPAP.exe

windows7-x64

1

$PLUGINSDIR/PPAP.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 12:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/Live.dll

  • Size

    205KB

  • MD5

    ec03fa69a025dc807314b9dcb5498986

  • SHA1

    a0f5abfa07ce548f10b806922eff748d2652f0e9

  • SHA256

    c3c5091dad0c0be701f6da2ae41a07f3614d6f567031dda823e5a320483c2243

  • SHA512

    78c30b0616686454be4c2eff375c91445270effb8d7bcbca372692ed86ce9dc383f91512fc65a937cd7c478c0c5cbd840e301aceabbf7d3c58cb92a80671cabb

  • SSDEEP

    6144:juVS50/4IMjqndIM7NpiLgqe4tQ+PAHWgaWSJKR82+gS45y69z6gm61xdO:jg82+gS4J9+gO

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Live.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4520
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Live.dll,#1
      2⤵
        PID:4808

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
    No results found
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      330 B
       5

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      8.8.8.8.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.