Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Natro Macr...re.dll

windows11-21h2-x64

1

Natro Macr...fe.dll

windows11-21h2-x64

1

Natro Macr...er.dll

windows11-21h2-x64

1

Natro Macr...ed.dll

windows11-21h2-x64

1

Natro Macr...re.dll

windows11-21h2-x64

1

Natro Macr...mo.dll

windows11-21h2-x64

1

Natro Macr...ta.dll

windows11-21h2-x64

1

Natro Macr...ay.dll

windows11-21h2-x64

1

Natro Macr...na.dll

windows11-21h2-x64

1

Natro Macr...ce.dll

windows11-21h2-x64

1

Natro Macr...ts.dll

windows11-21h2-x64

1

Natro Macr...us.dll

windows11-21h2-x64

1

Natro Macr...n3.dll

windows11-21h2-x64

1

Natro Macr...al.dll

windows11-21h2-x64

1

Natro Macr...eo.dll

windows11-21h2-x64

1

Natro Macr...NK.dll

windows11-21h2-x64

1

Natro Macr...er.dll

windows11-21h2-x64

1

Natro Macr...GV.dll

windows11-21h2-x64

1

Natro Macr...se.dll

windows11-21h2-x64

1

Natro Macr...AS.dll

windows11-21h2-x64

1

Natro Macr...x3.dll

windows11-21h2-x64

1

Natro Macr...mp.dll

windows11-21h2-x64

1

Natro Macr...in.dll

windows11-21h2-x64

3

Natro Macr...S7.dll

windows11-21h2-x64

1

Natro Macr...ay.dll

windows11-21h2-x64

1

Natro Macr...rk.dll

windows11-21h2-x64

1

Natro Macr...32.exe

windows11-21h2-x64

3

Natro Macr...64.exe

windows11-21h2-x64

1

Natro Macr...or.vbs

windows11-21h2-x64

1

Natro Macr...us.ps1

windows11-21h2-x64

3

Natro Macr...und.js

windows11-21h2-x64

3

Natro Macr...ro.vbs

windows11-21h2-x64

1

Resubmissions

01/09/2024, 14:08 UTC

240901-rfv8datbph 4

01/09/2024, 13:57 UTC

240901-q9ddzssdrm 3

Analysis

  • max time kernel
    1326s
  • max time network
    1147s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01/09/2024, 13:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Natro Macro v1.0.0.2/nm_image_assets/Styles/Relapse.dll

  • Size

    5.9MB

  • MD5

    2dc98f65afb1da057f664432f6edb717

  • SHA1

    7e73f15bb56402ba7d80c4960cb30db6d496baf6

  • SHA256

    27040c8b6123d1dbde2113459aec6206574f7bbdb9743b175c87807330bae238

  • SHA512

    33165a97a50135a5409da4b9eeeba7f6bfbb7f2d5ab77e0a3937f4adb56f17f2d3d97737f2eeba5ebdafb1abd9cf27cb714af9acf243b969407132caf1c946d3

  • SSDEEP

    12288:aBSoDedbIyyLqIdzB/js70ytXvjWGUSN4fT8PsyF4GSocOF8bdyLVwl82AjscMaD:q75EjTNe0OwdlId

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Natro Macro v1.0.0.2\nm_image_assets\Styles\Relapse.dll",#1
    1⤵
      PID:3596

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      ocsp.digicert.com
      Remote address:
      8.8.8.8:53
      Request
      ocsp.digicert.com
      IN A
      Response
      ocsp.digicert.com
      IN CNAME
      ocsp.edge.digicert.com
      ocsp.edge.digicert.com
      IN CNAME
      fp2e7a.wpc.2be4.phicdn.net
      fp2e7a.wpc.2be4.phicdn.net
      IN CNAME
      fp2e7a.wpc.phicdn.net
      fp2e7a.wpc.phicdn.net
      IN A
      192.229.221.95
    • flag-us
      DNS
      login.live.com
      Remote address:
      8.8.8.8:53
      Request
      login.live.com
      IN A
      Response
      login.live.com
      IN CNAME
      login.msa.msidentity.com
      login.msa.msidentity.com
      IN CNAME
      www.tm.lg.prod.aadmsa.trafficmanager.net
      www.tm.lg.prod.aadmsa.trafficmanager.net
      IN CNAME
      prdv4a.aadg.msidentity.com
      prdv4a.aadg.msidentity.com
      IN CNAME
      www.tm.v4.a.prd.aadg.trafficmanager.net
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      20.190.159.4
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      40.126.31.69
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      20.190.159.71
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      20.190.159.2
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      20.190.159.68
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      20.190.159.75
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      20.190.159.64
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      40.126.31.67
    • flag-us
      DNS
      4.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      4.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
      iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
      IN A
      20.223.36.55
    • flag-us
      DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      54.120.234.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      54.120.234.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      ctldl.windowsupdate.com
      Remote address:
      8.8.8.8:53
      Request
      ctldl.windowsupdate.com
      IN A
      Response
      ctldl.windowsupdate.com
      IN CNAME
      ctldl.windowsupdate.com.delivery.microsoft.com
      ctldl.windowsupdate.com.delivery.microsoft.com
      IN CNAME
      wu-b-net.trafficmanager.net
      wu-b-net.trafficmanager.net
      IN CNAME
      wu.azureedge.net
      wu.azureedge.net
      IN CNAME
      wu.ec.azureedge.net
      wu.ec.azureedge.net
      IN CNAME
      bg.apr-52dd2-0503.edgecastdns.net
      bg.apr-52dd2-0503.edgecastdns.net
      IN CNAME
      hlb.apr-52dd2-0.edgecastdns.net
      hlb.apr-52dd2-0.edgecastdns.net
      IN CNAME
      cs11.wpc.v0cdn.net
      cs11.wpc.v0cdn.net
      IN A
      93.184.221.240
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
      iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
      IN A
      20.223.35.26
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
      iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
      IN A
      20.223.36.55
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-ppe-azsc-v2-weu.westeurope.cloudapp.azure.com
      iris-de-ppe-azsc-v2-weu.westeurope.cloudapp.azure.com
      IN A
      20.86.201.138
    • flag-us
      DNS
      ris.api.iris.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      ris.api.iris.microsoft.com
      IN A
      Response
      ris.api.iris.microsoft.com
      IN CNAME
      ris-prod.trafficmanager.net
      ris-prod.trafficmanager.net
      IN CNAME
      asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
      asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
      IN A
      20.234.120.54
    • flag-us
      DNS
      138.201.86.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      138.201.86.20.in-addr.arpa
      IN PTR
      Response
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls
      1.6kB
       7.3kB
       17
      15
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls
      1.6kB
       7.3kB
       17
      15
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls
      130.0kB
       3.7MB
       2723
      2718
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls
      1.6kB
       7.3kB
       17
      15
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls
      1.6kB
       7.3kB
       17
      15
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      1.1kB
       2.9kB
       16
      16

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      ocsp.digicert.com

      DNS Response

      192.229.221.95

      DNS Request

      login.live.com

      DNS Response

      20.190.159.4
      40.126.31.69
      20.190.159.71
      20.190.159.2
      20.190.159.68
      20.190.159.75
      20.190.159.64
      40.126.31.67

      DNS Request

      4.159.190.20.in-addr.arpa

      DNS Request

      43.58.199.20.in-addr.arpa

      DNS Request

      arc.msn.com

      DNS Response

      20.223.36.55

      DNS Request

      55.36.223.20.in-addr.arpa

      DNS Request

      54.120.234.20.in-addr.arpa

      DNS Request

      ctldl.windowsupdate.com

      DNS Response

      93.184.221.240

      DNS Request

      240.221.184.93.in-addr.arpa

      DNS Request

      arc.msn.com

      DNS Response

      20.223.35.26

      DNS Request

      26.35.223.20.in-addr.arpa

      DNS Request

      arc.msn.com

      DNS Response

      20.223.36.55

      DNS Request

      arc.msn.com

      DNS Response

      20.86.201.138

      DNS Request

      ris.api.iris.microsoft.com

      DNS Response

      20.234.120.54

      DNS Request

      138.201.86.20.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.