Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2e4381bcd7...18.exe

windows7-x64

7

2e4381bcd7...18.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 23:47 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/System.dll

  • Size

    11KB

  • MD5

    c17103ae9072a06da581dec998343fc1

  • SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

  • SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

  • SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

  • SSDEEP

    192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4800
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
      2⤵
        PID:464
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 464 -s 612
          3⤵
          • Program crash
          PID:4984
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 464 -ip 464
      1⤵
        PID:4016

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a949bab861a40749f4acd0e71b6390a&localId=w:0FEE3F99-7F8E-42AB-9CFE-B6C9F2C9446F&deviceId=6896204025871590&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a949bab861a40749f4acd0e71b6390a&localId=w:0FEE3F99-7F8E-42AB-9CFE-B6C9F2C9446F&deviceId=6896204025871590&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=18A70A22CC236C9103631E95CDC36DF2; domain=.bing.com; expires=Sun, 03-Aug-2025 05:52:06 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: A88F9254878E40AAA5CD5EF7A907699A Ref B: LON04EDGE1018 Ref C: 2024-07-09T05:52:06Z
        date: Tue, 09 Jul 2024 05:52:06 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5a949bab861a40749f4acd0e71b6390a&localId=w:0FEE3F99-7F8E-42AB-9CFE-B6C9F2C9446F&deviceId=6896204025871590&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5a949bab861a40749f4acd0e71b6390a&localId=w:0FEE3F99-7F8E-42AB-9CFE-B6C9F2C9446F&deviceId=6896204025871590&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=18A70A22CC236C9103631E95CDC36DF2
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=DpMQxYWAcsm-3br4jBFUMBtnjgxPvGz11osizK6Fh98; domain=.bing.com; expires=Sun, 03-Aug-2025 05:52:06 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 91C9FDAF545A497A9052876D8246A300 Ref B: LON04EDGE1018 Ref C: 2024-07-09T05:52:06Z
        date: Tue, 09 Jul 2024 05:52:06 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a949bab861a40749f4acd0e71b6390a&localId=w:0FEE3F99-7F8E-42AB-9CFE-B6C9F2C9446F&deviceId=6896204025871590&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a949bab861a40749f4acd0e71b6390a&localId=w:0FEE3F99-7F8E-42AB-9CFE-B6C9F2C9446F&deviceId=6896204025871590&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=18A70A22CC236C9103631E95CDC36DF2; MSPTC=DpMQxYWAcsm-3br4jBFUMBtnjgxPvGz11osizK6Fh98
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 79D160718A2240BBA1A227B1EB8C18CD Ref B: LON04EDGE1018 Ref C: 2024-07-09T05:52:06Z
        date: Tue, 09 Jul 2024 05:52:06 GMT
      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-us
        DNS
        67.31.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        67.31.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        81.144.22.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        81.144.22.2.in-addr.arpa
        IN PTR
        Response
        81.144.22.2.in-addr.arpa
        IN PTR
        a2-22-144-81deploystaticakamaitechnologiescom
      • flag-us
        DNS
        237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.214.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.214.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        83.210.23.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        83.210.23.2.in-addr.arpa
        IN PTR
        Response
        83.210.23.2.in-addr.arpa
        IN PTR
        a2-23-210-83deploystaticakamaitechnologiescom
      • flag-us
        DNS
        73.144.22.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.144.22.2.in-addr.arpa
        IN PTR
        Response
        73.144.22.2.in-addr.arpa
        IN PTR
        a2-22-144-73deploystaticakamaitechnologiescom
      • flag-us
        DNS
        23.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.236.111.52.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a949bab861a40749f4acd0e71b6390a&localId=w:0FEE3F99-7F8E-42AB-9CFE-B6C9F2C9446F&deviceId=6896204025871590&anid=
        tls, http2
        2.0kB
         9.3kB
         21
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a949bab861a40749f4acd0e71b6390a&localId=w:0FEE3F99-7F8E-42AB-9CFE-B6C9F2C9446F&deviceId=6896204025871590&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5a949bab861a40749f4acd0e71b6390a&localId=w:0FEE3F99-7F8E-42AB-9CFE-B6C9F2C9446F&deviceId=6896204025871590&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a949bab861a40749f4acd0e71b6390a&localId=w:0FEE3F99-7F8E-42AB-9CFE-B6C9F2C9446F&deviceId=6896204025871590&anid=

        HTTP Response

        204
      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         151 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
         90 B
         1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        67.31.126.40.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        67.31.126.40.in-addr.arpa

      • 8.8.8.8:53
        81.144.22.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        81.144.22.2.in-addr.arpa

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns
        73 B
         143 B
         1
        1

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        103.169.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        103.169.127.40.in-addr.arpa

      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        172.214.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.214.232.199.in-addr.arpa

      • 8.8.8.8:53
        83.210.23.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        83.210.23.2.in-addr.arpa

      • 8.8.8.8:53
        73.144.22.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        73.144.22.2.in-addr.arpa

      • 8.8.8.8:53
        23.236.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        23.236.111.52.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.