Resubmissions

  • 04/10/2024, 16:44 UTC    241004-t8yv3syhpd    10
  • 27/09/2024, 16:54 UTC    240927-vepkzsvbre    10
  • 27/09/2024, 16:44 UTC    240927-t86wpavard    10
  • 04/08/2024, 18:04 UTC    240804-wnq1vawbpg    10
  • 03/08/2024, 17:26 UTC    240803-vzvbzazekn    10
  • 03/08/2024, 16:14 UTC    240803-tpp4tsshqa    10
  • 03/08/2024, 15:52 UTC    240803-tbarzsseqc    10
  • 31/07/2024, 19:40 UTC    240731-ydk3yszdpq    10
  • 31/07/2024, 10:53 UTC    240731-my145atfmf    10

Analysis

  • max time kernel: 314s
  • max time network: 623s
  • platform: windows10-1703_x64
  • resource: win10-20240611-en
  • resource tags: arch:x64, arch:x86, image:win10-20240611-en, locale:en-us, os:windows10-1703-x64, system
  • submitted: 31/07/2024, 19:40 UTC

General

  • Target

    $PLUGINSDIR/System.dll

  • Size

    11KB

  • MD5

    bf712f32249029466fa86756f5546950

  • SHA1

    75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

  • SHA256

    7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

  • SHA512

    13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

  • SSDEEP

    192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/

Score
3/10

Malware Config

Signatures

  • Program crash (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3340
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4400
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 628
        3⤵
        • Program crash
        PID:4704
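The tree above shows three things worth reading together: the 64-bit rundll32 in system32 re-launching the SysWOW64 copy with the same command line (what rundll32 does when handed a 32-bit DLL, consistent with the arch:x86 resource tag and with the WriteProcessMemory signature firing on the parent), the 32-bit child crashing, and WerFault started with `-p 4400`, the PID of that child. `$PLUGINSDIR` is the directory NSIS installers extract their plugins into and System.dll is the file name of NSIS's bundled System plugin; calling a plugin export by ordinal through rundll32, outside the installer that normally hosts it, is consistent with the crash, but the report does not establish whether this particular file is the genuine plugin. The following Python is an added example, not tria.ge's code: it reconstructs that chain from process-creation events constructed from the tree above and tags what a hunter would want flagged. The parent PID of the first rundll32 is not on the page and is assumed to be 0.

```python
"""Reconstruct the rundll32 -> rundll32 (WoW64) -> WerFault chain from process events.

Added example, not part of the tria.ge report. EVENTS is constructed from the
process tree in the report; the parent PID of the first rundll32 is not shown
on the page and is assumed to be 0 here.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


EVENTS = [
    ProcEvent(3340, 0, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1"),
    ProcEvent(4400, 3340, r"C:\Windows\SysWOW64\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1"),
    ProcEvent(4704, 4400, r"C:\Windows\SysWOW64\WerFault.exe",
              r"C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 628"),
]

# rundll32 <dll>,<entry>: the DLL may be quoted, the entry is a name or #ordinal
RUNDLL32_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,\s*(#?\w+)', re.IGNORECASE)
WERFAULT_PID_RE = re.compile(r"\s-p\s+(\d+)", re.IGNORECASE)


def parse_rundll32(cmdline):
    """Return (dll_path, entry_point) for a rundll32 command line, else None."""
    m = RUNDLL32_RE.search(cmdline)
    return (m.group(1), m.group(2)) if m else None


def dll_risk_tags(dll_path):
    """Tags describing why a DLL loaded through rundll32 deserves a look."""
    low = dll_path.lower()
    tags = []
    if "\\appdata\\local\\temp\\" in low:
        tags.append("dll_in_user_temp")
    if "$pluginsdir" in low:
        tags.append("nsis_plugin_dir")   # $PLUGINSDIR is the NSIS plugin extraction directory
    return tags


def werfault_target(cmdline):
    """PID named by WerFault's -p argument, or None."""
    m = WERFAULT_PID_RE.search(cmdline)
    return int(m.group(1)) if m else None


def analyse(events):
    """Return one finding dict per rundll32 load or WerFault crash report."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        image = e.image.lower()
        parsed = parse_rundll32(e.cmdline) if image.endswith("rundll32.exe") else None
        if parsed:
            dll, entry = parsed
            tags = dll_risk_tags(dll)
            if entry.startswith("#"):
                tags.append("ordinal_entry_point")
            parent = by_pid.get(e.ppid)
            if (parent and parent.image.lower() == r"c:\windows\system32\rundll32.exe"
                    and "syswow64" in image and parse_rundll32(parent.cmdline) == parsed):
                # 64-bit rundll32 re-launched the 32-bit copy for the same DLL
                tags.append("wow64_reexec")
            findings.append({"pid": e.pid, "kind": "rundll32_load", "dll": dll,
                             "entry": entry, "tags": sorted(tags)})
        elif image.endswith("werfault.exe"):
            target = werfault_target(e.cmdline)
            victim = by_pid.get(target)
            findings.append({"pid": e.pid, "kind": "crash", "target": target,
                             "target_image": victim.image if victim else None,
                             "target_is_parent": target == e.ppid})
    return findings


if __name__ == "__main__":
    for finding in analyse(EVENTS):
        print(finding)
```

The crash finding links WerFault back to its parent through `-p`, so a rule can require that the crashed process is one that was itself tagged, rather than alerting on every WerFault launch.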

Network

  • DNS (resolver 8.8.8.8:53, US)
    Request: 27.211.222.173.in-addr.arpa IN PTR
    Response: 27.211.222.173.in-addr.arpa IN PTR a173-222-211-27.deploy.static.akamaitechnologies.com
  • DNS (resolver 8.8.8.8:53, US)
    Request: 14.227.111.52.in-addr.arpa IN PTR
    Response: (no answer records)
  • DNS (resolver 8.8.8.8:53, US)
    Request: 66.112.168.52.in-addr.arpa IN PTR
    Response: (no answer records)
  • DNS (resolver 8.8.8.8:53, US)
    Request: 24.58.20.217.in-addr.arpa IN PTR
    Response: (no answer records)
  • DNS (resolver 8.8.8.8:53, US)
    Request: 172.210.232.199.in-addr.arpa IN PTR
    Response: (no answer records)
Connections (remote address, name, protocol, bytes sent, bytes received, requests, responses):

  • 8.8.8.8:53    27.211.222.173.in-addr.arpa     dns    73 B    139 B    1    1
    DNS Request: 27.211.222.173.in-addr.arpa
  • 8.8.8.8:53    14.227.111.52.in-addr.arpa      dns    72 B    158 B    1    1
    DNS Request: 14.227.111.52.in-addr.arpa
  • 8.8.8.8:53    66.112.168.52.in-addr.arpa      dns    72 B    146 B    1    1
    DNS Request: 66.112.168.52.in-addr.arpa
  • 8.8.8.8:53    24.58.20.217.in-addr.arpa       dns    71 B    131 B    1    1
    DNS Request: 24.58.20.217.in-addr.arpa
  • 8.8.8.8:53    172.210.232.199.in-addr.arpa    dns    74 B    128 B    1    1
    DNS Request: 172.210.232.199.in-addr.arpa
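Every network event in the report is a reverse (PTR) lookup sent to Google's resolver, and only the Akamai address gets an answer; the report lists no other connection, so nothing here is attributable to the sample beyond what the host itself resolved. The byte counts can be checked rather than taken on trust. The following Python is an added example, not tria.ge's code: it encodes the five lookups and shows that each "sent" figure is exactly an IPv4 header plus a UDP header plus a minimal DNS PTR query for that name, and that a single-PTR response naming a173-222-211-27.deploy.static.akamaitechnologies.com comes to the 139 B the report lists. The transaction ID and TTL are arbitrary choices and do not affect the sizes; the observed-size table is constructed from the list above.

```python
"""Check the report's PTR lookups against DNS wire sizes.

Added example, not part of the tria.ge report. It encodes the five reverse
lookups the sandbox sent to 8.8.8.8 and checks that each "sent" byte count is
IPv4 header + UDP header + a minimal DNS PTR query, then builds the one
answered response and checks it against the 139 B the report lists.
Transaction ID and TTL are arbitrary (they do not change the sizes).
"""
import ipaddress
import struct

IP_UDP_OVERHEAD = 20 + 8        # IPv4 header without options + UDP header
QTYPE_PTR, QCLASS_IN = 12, 1

# Constructed from the report's connection list: query name -> bytes sent
OBSERVED_SENT = {
    "27.211.222.173.in-addr.arpa": 73,
    "14.227.111.52.in-addr.arpa": 72,
    "66.112.168.52.in-addr.arpa": 72,
    "24.58.20.217.in-addr.arpa": 71,
    "172.210.232.199.in-addr.arpa": 74,
}
AKAMAI_PTR = "a173-222-211-27.deploy.static.akamaitechnologies.com"


def ptr_name(ip):
    """Reverse-DNS owner name for an IPv4 address (173.222.211.27 -> 27.211.222.173.in-addr.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def encode_name(name):
    """Uncompressed wire form: length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(name, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + encode_name(name) + struct.pack("!HH", QTYPE_PTR, QCLASS_IN)


def build_ptr_response(query, target, ttl=300):
    """Answer `query` with one PTR record whose owner is a pointer back to the question name."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR, RD, RA; one answer
    question = query[12:]
    rdata = encode_name(target)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_PTR, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answer


def read_name(msg, off):
    """Decode a possibly-compressed name at `off`; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                   # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2                       # the name field ends after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def parse_ptr_answers(msg):
    """Return [(owner, target)] for every PTR record in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        _, off = read_name(msg, off)
        off += 4                                    # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_PTR:
            answers.append((owner, read_name(msg, off)[0]))
        off += rdlen
    return answers


def wire_size(dns_msg):
    """Bytes on the wire for one UDP/IPv4 datagram carrying `dns_msg`."""
    return IP_UDP_OVERHEAD + len(dns_msg)


def check_sent_sizes():
    """name -> True when the report's 'sent' size equals a minimal PTR query for that name."""
    return {n: wire_size(build_query(n)) == sent for n, sent in OBSERVED_SENT.items()}


def akamai_response():
    """(wire size, parsed answers) for the one lookup that received a PTR record."""
    q = build_query("27.211.222.173.in-addr.arpa")
    r = build_ptr_response(q, AKAMAI_PTR)
    return wire_size(r), parse_ptr_answers(r)


if __name__ == "__main__":
    print(check_sent_sizes())
    print(akamai_response())
```

The four lookups that came back without answer records are larger than a bare empty reply (128 to 158 B received), which is what a negative response carrying an SOA record in the authority section looks like; the block does not model those, since the report does not show their contents.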

MITRE ATT&CK Enterprise v15

  • Discovery: System Location Discovery: System Language Discovery (T1614.001)
