Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

c170f17069...5a.dll

windows7-x64

8

c170f17069...5a.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    95s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/09/2024, 22:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c170f17069409eac894e594d540582ffcafc660722e28e0661ec445d9b90d05a.dll

  • Size

    1.9MB

  • MD5

    3caac678e22c587908e2529cde33024d

  • SHA1

    401594b7883ecbb8cc93349d4fe3cb753466341a

  • SHA256

    c170f17069409eac894e594d540582ffcafc660722e28e0661ec445d9b90d05a

  • SHA512

    0167e8742bcaa8c6bcc163b7fb331e519d968472073e85f8ac6a4d1a006de63257bf7560d2713536a7ec54229c6774f66eb58241058acb3f30237871b4efd617

  • SSDEEP

    24576:mkm/ITi3EoMI2PepB/K2xBknI7YkziXaT0Fuq49DKva2D9bLdKpbMafSlm9jxAjB:m9X4q/vGWT+XBj9b2bMafS09jxAjfoM

Score
8/10
discovery

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c170f17069409eac894e594d540582ffcafc660722e28e0661ec445d9b90d05a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4504
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c170f17069409eac894e594d540582ffcafc660722e28e0661ec445d9b90d05a.dll,#1
      2⤵
      • Blocklisted process makes network request
      • System Location Discovery: System Language Discovery
      PID:4640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4640-1-0x00000000030C0000-0x000000000316B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/4640-0-0x0000000002F60000-0x000000000300B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/4640-2-0x0000000003170000-0x0000000003214000-memory.dmp

    Filesize

    656KB

    Download

  • memory/4640-4-0x0000000003220000-0x00000000032B2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4640-3-0x0000000003220000-0x00000000032B2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4640-6-0x0000000003220000-0x00000000032B2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4640-7-0x0000000002F60000-0x000000000300B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/4640-9-0x00000000030C0000-0x000000000316B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/4640-8-0x0000000000400000-0x00000000005EF000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4640-14-0x00000000032C0000-0x0000000003CE8000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/4640-13-0x0000000003220000-0x00000000032B2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4640-15-0x0000000003CF0000-0x0000000003D7B000-memory.dmp

    Filesize

    556KB

    Download

  • memory/4640-16-0x0000000003D80000-0x0000000003E07000-memory.dmp

    Filesize

    540KB

    Download

  • memory/4640-19-0x0000000003D80000-0x0000000003E07000-memory.dmp

    Filesize

    540KB

    Download

  • memory/4640-17-0x0000000003D80000-0x0000000003E07000-memory.dmp

    Filesize

    540KB

    Download

  • memory/4640-20-0x0000000000E00000-0x0000000000E01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4640-22-0x0000000000E10000-0x0000000000E14000-memory.dmp

    Filesize

    16KB

    Download