Analysis

  • max time kernel
    425s
  • max time network
    429s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-en
  • resource tags
    arch:x64, arch:x86, image:win11-20241023-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    13/01/2025, 09:13 UTC

General

  • Target

    $PLUGINSDIR/System.dll

  • Size

    22KB

  • MD5

    a36fbe922ffac9cd85a845d7a813f391

  • SHA1

    f656a613a723cc1b449034d73551b4fcdf0dcf1a

  • SHA256

    fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

  • SHA512

    1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

  • SSDEEP

    384:V8QIl975eXqlWBrz7YLOlE/NyQH38E9VF6IYinAM+oZ5a1TN:VgPgrfYLO+rMEpYinAMxZG

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3140
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:420
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 420 -s 468
        3⤵
        • Program crash
        PID:1480
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 420 -ip 420
    1⤵
    PID:1316

Network

    • DNS (remote server geolocation: US)
      41.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.134.221.88.in-addr.arpa
      IN PTR
      Response
      41.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-41deploystaticakamaitechnologiescom
    • DNS (remote server geolocation: US)
      ctldl.windowsupdate.com
      Remote address:
      8.8.8.8:53
      Request
      ctldl.windowsupdate.com
      IN A
      Response
      ctldl.windowsupdate.com
      IN CNAME
      ctldl.windowsupdate.com.delivery.microsoft.com
      ctldl.windowsupdate.com.delivery.microsoft.com
      IN CNAME
      wu-b-net.trafficmanager.net
      wu-b-net.trafficmanager.net
      IN CNAME
      download.windowsupdate.com.edgesuite.net
      download.windowsupdate.com.edgesuite.net
      IN CNAME
      a767.dspw65.akamai.net
      a767.dspw65.akamai.net
      IN A
      88.221.134.19
      a767.dspw65.akamai.net
      IN A
      88.221.134.66
      a767.dspw65.akamai.net
      IN A
      88.221.135.73
      a767.dspw65.akamai.net
      IN A
      88.221.135.202
      a767.dspw65.akamai.net
      IN A
      88.221.134.41
      a767.dspw65.akamai.net
      IN A
      88.221.134.9
      a767.dspw65.akamai.net
      IN A
      88.221.135.219
    • 8.8.8.8:53
      Domain: 41.134.221.88.in-addr.arpa
      Protocol: dns
      Sent: 141 B
      Received: 500 B
      Packets sent: 2
      Packets received: 2

      DNS Request

      41.134.221.88.in-addr.arpa

      DNS Request

      ctldl.windowsupdate.com

      DNS Response

      88.221.134.19
      88.221.134.66
      88.221.135.73
      88.221.135.202
      88.221.134.41
      88.221.134.9
      88.221.135.219

    MITRE ATT&CK Enterprise v15
