Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Thunder Setup.exe

windows7-x64

8

Thunder Setup.exe

windows10-2004-x64

8

jre/Welcome.html

windows7-x64

1

jre/Welcome.html

windows10-2004-x64

1

jre/bin/JA...32.dll

windows7-x64

1

jre/bin/JA...32.dll

windows10-2004-x64

1

jre/bin/JA...ge.dll

windows7-x64

1

jre/bin/JA...ge.dll

windows10-2004-x64

1

jre/bin/Ja...32.dll

windows7-x64

1

jre/bin/Ja...32.dll

windows10-2004-x64

1

jre/bin/Ja...ge.dll

windows7-x64

1

jre/bin/Ja...ge.dll

windows10-2004-x64

1

jre/bin/Wi...32.dll

windows7-x64

3

jre/bin/Wi...32.dll

windows10-2004-x64

3

jre/bin/Wi...ge.dll

windows7-x64

3

jre/bin/Wi...ge.dll

windows10-2004-x64

3

jre/bin/awt.dll

windows7-x64

1

jre/bin/awt.dll

windows10-2004-x64

1

jre/bin/bci.dll

windows7-x64

3

jre/bin/bci.dll

windows10-2004-x64

3

jre/bin/cl...vm.dll

windows7-x64

3

jre/bin/cl...vm.dll

windows10-2004-x64

3

jre/bin/dcpr.dll

windows7-x64

1

jre/bin/dcpr.dll

windows10-2004-x64

1

jre/bin/de...se.dll

windows7-x64

3

jre/bin/de...se.dll

windows10-2004-x64

3

jre/bin/deploy.dll

windows7-x64

3

jre/bin/deploy.dll

windows10-2004-x64

3

jre/bin/dt_shmem.dll

windows7-x64

3

jre/bin/dt_shmem.dll

windows10-2004-x64

3

jre/bin/dt_socket.dll

windows7-x64

1

jre/bin/dt_socket.dll

windows10-2004-x64

1

Resubmissions

14/07/2024, 22:14 UTC

240714-15wd4sxcrg 8

14/07/2024, 16:06 UTC

240714-tj3gzaxdrn 8

Analysis

  • max time kernel
    146s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/07/2024, 16:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jre/bin/dt_shmem.dll

  • Size

    24KB

  • MD5

    72b7054811a72d9d48c95845f93fcd2c

  • SHA1

    d25f68566e11b91c2a0989bcc64c6ef17395d775

  • SHA256

    d4b63243d1787809020ba6e91564d17ffea4762af99201e241f4ecd20108d2e8

  • SHA512

    c6a16daaf856939615dfde8e9dbe9d5bfc415507011e85e44c6bf88b17b705c35cd7ced8eda8f358745063f41096938d128dee17e14fe93252e5b046bdfcddc0

  • SSDEEP

    384:0mgNWEfK0RiC4qxJL8VI6ZEPG5Vv/11nYPLr7N:H6WmK0RiSxJ4VI6W+zbC7N

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\jre\bin\dt_shmem.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\jre\bin\dt_shmem.dll,#1
      2⤵
        PID:2268
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 604
          3⤵
          • Program crash
          PID:2796
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2268 -ip 2268
      1⤵
        PID:4440

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • flag-us
        DNS
        76.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        76.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        0.204.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.204.248.87.in-addr.arpa
        IN PTR
        Response
        0.204.248.87.in-addr.arpa
        IN PTR
        https-87-248-204-0lhrllnwnet
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        192.142.123.92.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        192.142.123.92.in-addr.arpa
        IN PTR
        Response
        192.142.123.92.in-addr.arpa
        IN PTR
        a92-123-142-192deploystaticakamaitechnologiescom
      • flag-us
        DNS
        171.39.242.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        171.39.242.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        21.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.236.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        253.15.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        253.15.104.51.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.237:443
        g.bing.com
        tls
        2.0kB
         9.2kB
         21
        17
      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         151 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        76.32.126.40.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        76.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        0.204.248.87.in-addr.arpa
        dns
        71 B
         116 B
         1
        1

        DNS Request

        0.204.248.87.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns
        73 B
         143 B
         1
        1

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        157.123.68.40.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        157.123.68.40.in-addr.arpa

      • 8.8.8.8:53
        192.142.123.92.in-addr.arpa
        dns
        73 B
         139 B
         1
        1

        DNS Request

        192.142.123.92.in-addr.arpa

      • 8.8.8.8:53
        171.39.242.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        171.39.242.20.in-addr.arpa

      • 8.8.8.8:53
        21.236.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        21.236.111.52.in-addr.arpa

      • 8.8.8.8:53
        253.15.104.51.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        253.15.104.51.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.