Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ibaAnalyze....1.exe

windows7-x64

7

ibaAnalyze....1.exe

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$SYSDIR/Cmct15.dll

windows7-x64

3

$SYSDIR/Cmct15.dll

windows10-2004-x64

3

$SYSDIR/Cmll15ex.dll

windows7-x64

3

$SYSDIR/Cmll15ex.dll

windows10-2004-x64

3

$SYSDIR/Cmll15ht.dll

windows7-x64

3

$SYSDIR/Cmll15ht.dll

windows10-2004-x64

3

$SYSDIR/Cmll15oc.dll

windows7-x64

3

$SYSDIR/Cmll15oc.dll

windows10-2004-x64

3

$SYSDIR/Cmll15xl.dll

windows7-x64

3

$SYSDIR/Cmll15xl.dll

windows10-2004-x64

3

$SYSDIR/Cmls15.dll

windows7-x64

3

$SYSDIR/Cmls15.dll

windows10-2004-x64

3

$SYSDIR/cmbr15.dll

windows7-x64

3

$SYSDIR/cmbr15.dll

windows10-2004-x64

3

$SYSDIR/cmdw15.dll

windows7-x64

3

$SYSDIR/cmdw15.dll

windows10-2004-x64

3

$SYSDIR/cmll15.dll

windows7-x64

3

$SYSDIR/cmll15.dll

windows10-2004-x64

3

$SYSDIR/cmll1500.dll

windows7-x64

3

$SYSDIR/cmll1500.dll

windows10-2004-x64

3

$SYSDIR/cmll1501.chm

windows7-x64

1

$SYSDIR/cmll1501.chm

windows10-2004-x64

1

$SYSDIR/cmll1501.dll

windows7-x64

3

$SYSDIR/cmll1501.dll

windows10-2004-x64

3

$SYSDIR/cmll1509.dll

windows7-x64

3

$SYSDIR/cmll1509.dll

windows10-2004-x64

3

$SYSDIR/cmll1512.dll

windows7-x64

3

$SYSDIR/cmll1512.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/11/2024, 16:22 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SYSDIR/cmbr15.dll

  • Size

    1.8MB

  • MD5

    caa08517145c0f1b219ca063cbf7c0fb

  • SHA1

    a1433fd8685af252ea9027b5026f59d0968d5c78

  • SHA256

    e4b0f165442508db477e3bfc25de6933c6e1a77d3ae0d37e9990d1681d691881

  • SHA512

    31c1b2c2122aed39c73741844f57beedd2c16d7728cccd7ccc6240d062ecab0b31a038e6ce6f489a1e3b6da32fd13e34a6f6b6fde677dea89b8d4d63f6074bce

  • SSDEEP

    49152:hk4494Kvi2fYIHzdlTHMaQyH/c/aBr/afwOg:G4U4si2gczdiaQyH/c/aBr/afwOg

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\cmbr15.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\cmbr15.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:4852
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 1020
        3⤵
        • Program crash
        PID:1812
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4852 -ip 4852
    1⤵
      PID:2068

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      97.17.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.17.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      120.250.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      120.250.22.2.in-addr.arpa
      IN PTR
      Response
      120.250.22.2.in-addr.arpa
      IN PTR
      a2-22-250-120deploystaticakamaitechnologiescom
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      228.249.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      228.249.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      149.220.183.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      149.220.183.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      72.72.21.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      72.72.21.2.in-addr.arpa
      IN PTR
      Response
      72.72.21.2.in-addr.arpa
      IN PTR
      a2-21-72-72deploystaticakamaitechnologiescom
    • flag-us
      DNS
      67.209.201.84.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.209.201.84.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      22.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      22.236.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      67.208.201.84.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.208.201.84.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.16.208.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.16.208.104.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      97.17.167.52.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      97.17.167.52.in-addr.arpa

    • 8.8.8.8:53
      120.250.22.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      120.250.22.2.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      228.249.119.40.in-addr.arpa
      dns
      73 B
       159 B
       1
      1

      DNS Request

      228.249.119.40.in-addr.arpa

    • 8.8.8.8:53
      149.220.183.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      149.220.183.52.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      72.72.21.2.in-addr.arpa
      dns
      69 B
       131 B
       1
      1

      DNS Request

      72.72.21.2.in-addr.arpa

    • 8.8.8.8:53
      67.209.201.84.in-addr.arpa
      dns
      72 B
       132 B
       1
      1

      DNS Request

      67.209.201.84.in-addr.arpa

    • 8.8.8.8:53
      22.236.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      22.236.111.52.in-addr.arpa

    • 8.8.8.8:53
      67.208.201.84.in-addr.arpa
      dns
      72 B
       132 B
       1
      1

      DNS Request

      67.208.201.84.in-addr.arpa

    • 8.8.8.8:53
      88.16.208.104.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      88.16.208.104.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.