Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

1ae04738ea...0N.dll

windows7-x64

1

1ae04738ea...0N.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 01:09 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ae04738eabc0eb5a48c534b9e62e330N.dll

  • Size

    6KB

  • MD5

    1ae04738eabc0eb5a48c534b9e62e330

  • SHA1

    d2ab9b470b0e2ac903c1b2f8aa4c24d4de58713d

  • SHA256

    12a1ccd84b28812f3e4c26416fc306811dfa0afe702025fd25575f69f14e35a8

  • SHA512

    7578129c2371df213875fe50d2487629a9bbfc1ce73709c93f05c6370d6f3ae3f36d72401e368fef4d0edb01506c909ed2a2c44b1a1ad7b38721dd53fe99bc35

  • SSDEEP

    48:63mll5YVOa9VUX1iwbQWu0KB+BDq9J5SH:VDa9VUX9bQWqB+FqX5SH

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ae04738eabc0eb5a48c534b9e62e330N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:456
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ae04738eabc0eb5a48c534b9e62e330N.dll,#1
      2⤵
        PID:628

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be755b7829d741b39cbdb88a2da7a7c5&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be755b7829d741b39cbdb88a2da7a7c5&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=2F19891AFAED681127129DADFB0D691A; domain=.bing.com; expires=Sun, 03-Aug-2025 01:09:31 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: A8A918A53A4D4882ACA42428A32CE2A1 Ref B: LON04EDGE1021 Ref C: 2024-07-09T01:09:31Z
      date: Tue, 09 Jul 2024 01:09:30 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=be755b7829d741b39cbdb88a2da7a7c5&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=be755b7829d741b39cbdb88a2da7a7c5&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2F19891AFAED681127129DADFB0D691A
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=sBIT2OCic8P2lH8whsbyQpmsUcxDtWs4WR88kKw6XLg; domain=.bing.com; expires=Sun, 03-Aug-2025 01:09:31 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: AA538FEF9AD64BBC9B76EDD8392420AD Ref B: LON04EDGE1021 Ref C: 2024-07-09T01:09:31Z
      date: Tue, 09 Jul 2024 01:09:30 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be755b7829d741b39cbdb88a2da7a7c5&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be755b7829d741b39cbdb88a2da7a7c5&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2F19891AFAED681127129DADFB0D691A; MSPTC=sBIT2OCic8P2lH8whsbyQpmsUcxDtWs4WR88kKw6XLg
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 8053FC12DAF74E638BE79FB9A1009FC4 Ref B: LON04EDGE1021 Ref C: 2024-07-09T01:09:31Z
      date: Tue, 09 Jul 2024 01:09:30 GMT
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      73.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      25.140.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      25.140.123.92.in-addr.arpa
      IN PTR
      Response
      25.140.123.92.in-addr.arpa
      IN PTR
      a92-123-140-25deploystaticakamaitechnologiescom
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      73.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.190.18.2.in-addr.arpa
      IN PTR
      Response
      73.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-73deploystaticakamaitechnologiescom
    • flag-us
      DNS
      30.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      30.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be755b7829d741b39cbdb88a2da7a7c5&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
      tls, http2
      2.0kB
       9.3kB
       21
      18

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be755b7829d741b39cbdb88a2da7a7c5&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=be755b7829d741b39cbdb88a2da7a7c5&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be755b7829d741b39cbdb88a2da7a7c5&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=

      HTTP Response

      204
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       151 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
       143 B
       1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      73.31.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      73.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      57.169.31.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      57.169.31.20.in-addr.arpa

    • 8.8.8.8:53
      25.140.123.92.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      25.140.123.92.in-addr.arpa

    • 8.8.8.8:53
      26.165.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      26.165.165.52.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      73.190.18.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      73.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      30.243.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      30.243.111.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.