Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
15/01/2025, 15:32 UTC
General
-
Target
ed979ce49b3373765a91b15c1c37c00b.dll
-
Size
5.0MB
-
MD5
ed979ce49b3373765a91b15c1c37c00b
-
SHA1
b8a4489c57cc66f316240394a9236cec927e0e33
-
SHA256
32c0af5a3035f395db45a739bf97e7025ab7646a9a65ba6f129f20dc46773533
-
SHA512
b6525fff58e5754896f49dec7d4cfced7aed93ff2d367b20cb8e660dd6a176cd48a7704057e0b7c895495c1aae8c3573433ef65478ad5bbd653d40de03c3d2b5
-
SSDEEP
98304:dDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:dDqPe1Cxcxk3ZAEUadzR8yc4H
Score
10/10
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Wannacry family
-
Contacts a large (3312) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 3 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies data under HKEY_USERS 24 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ed979ce49b3373765a91b15c1c37c00b.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ed979ce49b3373765a91b15c1c37c00b.dll,#12⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\mssecsvc.exeC:\WINDOWS\mssecsvc.exe3⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i4⤵
- Executes dropped EXE
-
-
-
-
C:\WINDOWS\mssecsvc.exeC:\WINDOWS\mssecsvc.exe -m security1⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
Network
-
DNSwww.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comRemote address:8.8.8.8:53Requestwww.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comIN AResponsewww.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comIN A104.16.166.228www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comIN A104.16.167.228 -
GEThttp://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/Remote address:104.16.166.228:80RequestGET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 15:32:06 GMT
Content-Type: text/html
Content-Length: 607
Connection: close
Server: cloudflare
CF-RAY: 9026eaa5690860e4-LHR
-
GEThttp://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/Remote address:104.16.166.228:80RequestGET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 15:32:06 GMT
Content-Type: text/html
Content-Length: 607
Connection: close
Server: cloudflare
CF-RAY: 9026eaa6fdcd9490-LHR
-
104.16.166.228:80http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/http
HTTP Request
GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/HTTP Response
200 -
104.16.166.228:80http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/http
HTTP Request
GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/HTTP Response
200 -
38.7.126.138:445
-
10.127.0.1:445 -
10.127.1.1:445
-
10.127.2.1:445
-
10.127.3.1:445
-
10.127.4.1:445
-
10.127.5.1:445
-
10.127.6.1:445
-
10.127.7.1:445
-
10.127.8.1:445
-
10.127.9.1:445
-
10.127.10.1:445
-
187.160.50.125:445 -
10.127.11.1:445
-
10.127.12.1:445
-
10.127.13.1:445
-
10.127.14.1:445
-
10.127.15.1:445
-
201.90.224.61:445 -
157.96.144.35:445
-
10.127.16.1:445
-
10.127.17.1:445
-
10.127.18.1:445
-
10.127.19.1:445
-
10.127.20.1:445
-
10.127.21.1:445
-
10.127.22.1:445
-
10.127.23.1:445
-
10.127.24.1:445
-
10.127.25.1:445
-
10.127.26.1:445
-
10.127.27.1:445
-
10.127.28.1:445
-
10.127.29.1:445
-
10.127.30.1:445
-
10.127.31.1:445
-
10.127.32.1:445
-
158.0.189.80:445
-
31.233.156.19:445 -
68.218.223.140:445
-
65.137.50.29:445
-
82.15.53.77:445 -
10.127.33.1:445
-
10.127.34.1:445
-
10.127.35.1:445
-
10.127.36.1:445
-
10.127.37.1:445
-
10.127.38.1:445
-
10.127.39.1:445
-
10.127.40.1:445
-
10.127.41.1:445
-
10.127.42.1:445
-
10.127.43.1:445
-
10.127.44.1:445
-
10.127.45.1:445
-
10.127.46.1:445
-
10.127.47.1:445
-
10.127.48.1:445
-
10.127.49.1:445
-
10.127.50.1:445
-
10.127.51.1:445
-
10.127.52.1:445
-
10.127.53.1:445
-
10.127.54.1:445
-
162.109.61.92:445
-
125.225.179.188:445 -
35.166.46.188:445
-
119.161.104.123:445 -
4.129.90.134:445
-
59.238.253.202:445 -
104.10.226.200:445
-
10.127.55.1:445
-
10.127.56.1:445
-
10.127.57.1:445
-
10.127.58.1:445
-
10.127.59.1:445
-
10.127.60.1:445
-
10.127.61.1:445
-
10.127.62.1:445
-
10.127.63.1:445
-
10.127.64.1:445
-
10.127.65.1:445
-
10.127.66.1:445
-
10.127.67.1:445
-
10.127.68.1:445
-
10.127.69.1:445
-
10.127.70.1:445
-
10.127.71.1:445
-
10.127.72.1:445
-
63.121.58.111:445
-
10.127.73.1:445
-
10.127.74.1:445
-
10.127.75.1:445
-
5.167.54.65:445 -
130.29.91.159:445
-
135.142.163.33:445
-
31.170.195.202:445
-
163.142.79.8:445
-
214.47.111.245:445
-
10.127.76.1:445
-
212.19.166.127:445 -
220.9.188.137:445
-
10.127.77.1:445
-
10.127.78.1:445
-
10.127.79.1:445
-
10.127.80.1:445
-
10.127.81.1:445
-
10.127.82.1:445
-
10.127.83.1:445
-
10.127.84.1:445
-
10.127.85.1:445
-
10.127.86.1:445
-
10.127.87.1:445
-
10.127.88.1:445
-
10.127.89.1:445
-
10.127.90.1:445
-
175.78.252.223:445
-
10.127.91.1:445
-
10.127.92.1:445
-
10.127.93.1:445
-
119.62.106.43:445
-
116.59.152.91:445
-
165.25.177.205:445 -
143.212.27.251:445
-
10.127.94.1:445
-
33.139.81.116:445
-
203.181.33.226:445
-
211.143.5.128:445
-
123.8.239.218:445
-
169.254.133.213:445
-
10.127.95.1:445
-
10.127.96.1:445
-
10.127.97.1:445
-
10.127.98.1:445
-
10.127.99.1:445
-
10.127.100.1:445
-
10.127.101.1:445
-
10.127.102.1:445
-
10.127.103.1:445
-
10.127.104.1:445
-
10.127.105.1:445
-
10.127.106.1:445
-
10.127.107.1:445
-
10.127.108.1:445
-
10.127.109.1:445
-
10.127.110.1:445
-
149.189.216.60:445
-
10.127.111.1:445
-
38.134.32.211:445
-
156.222.42.81:445 -
222.159.1.59:445
-
119.89.167.117:445
-
189.4.43.49:445
-
206.8.241.146:445
-
117.4.10.43:445 -
63.65.138.246:445
-
52.75.173.60:445
-
163.213.46.99:445 -
171.35.247.35:445
-
10.127.112.1:445
-
10.127.113.1:445
-
10.127.114.1:445
-
10.127.115.1:445
-
10.127.116.1:445
-
10.127.117.1:445
-
10.127.118.1:445
-
10.127.119.1:445
-
10.127.120.1:445
-
10.127.121.1:445
-
10.127.122.1:445
-
10.127.123.1:445
-
10.127.124.1:445
-
10.127.125.1:445
-
10.127.126.1:445
-
10.127.127.1:445
-
10.127.128.1:445
-
10.127.129.1:445
-
10.127.130.1:445
-
10.127.131.1:445
-
101.208.178.26:445 -
91.185.44.206:445
-
71.57.88.75:445
-
153.81.83.37:445
-
62.55.47.23:445
-
111.237.253.51:445
-
112.252.201.67:445
-
115.59.10.131:445
-
72.3.118.113:445
-
45.42.73.116:445 -
121.83.53.231:445
-
75.224.7.215:445
-
192.203.218.109:445
-
114.181.136.127:445
-
10.127.132.1:445
-
10.127.133.1:445
-
10.127.134.1:445
-
10.127.135.1:445
-
10.127.136.1:445
-
10.127.137.1:445
-
10.127.138.1:445
-
10.127.139.1:445
-
10.127.140.1:445
-
10.127.141.1:445
-
10.127.142.1:445
-
10.127.143.1:445
-
10.127.144.1:445
-
10.127.145.1:445
-
10.127.146.1:445
-
10.127.147.1:445
-
10.127.148.1:445
-
10.127.149.1:445
-
10.127.150.1:445
-
10.127.151.1:445
-
10.127.152.1:445
-
48.206.29.96:445
-
10.127.153.1:445
-
208.33.32.158:445
-
4.39.28.152:445
-
205.46.37.92:445
-
184.149.147.0:445
-
210.185.198.132:445
-
140.185.132.223:445
-
213.116.140.65:445 -
76.206.94.234:445
-
55.119.35.209:445
-
151.243.109.121:445 -
139.12.164.156:445
-
206.131.64.142:445
-
180.14.69.44:445
-
9.80.243.32:445
-
37.154.152.33:445 -
10.127.154.1:445
-
10.127.155.1:445
-
10.127.156.1:445
-
10.127.157.1:445
-
10.127.158.1:445
-
10.127.159.1:445
-
10.127.160.1:445
-
10.127.161.1:445
-
10.127.162.1:445
-
10.127.163.1:445
-
10.127.164.1:445
-
10.127.165.1:445
-
10.127.166.1:445
-
10.127.167.1:445
-
10.127.168.1:445
-
10.127.169.1:445
-
10.127.170.1:445
-
209.198.80.101:445
-
10.127.171.1:445
-
223.213.159.46:445
-
10.127.172.1:445
-
74.134.14.58:445
-
160.120.76.31:445 -
187.49.11.190:445
-
14.172.194.22:445
-
155.8.170.224:445
-
60.225.187.85:445 -
88.156.32.226:445 -
10.148.132.190:445
-
137.129.11.94:445
-
30.144.84.213:445
-
207.139.111.64:445
-
43.161.201.227:445 -
219.58.182.198:445
-
215.138.166.211:445
-
162.140.69.3:445
-
73.86.228.187:445
-
10.127.173.1:445
-
5.165.46.171:445
-
10.127.174.1:445
-
10.127.175.1:445
-
10.127.176.1:445
-
10.127.177.1:445
-
10.127.178.1:445
-
10.127.179.1:445
-
10.127.180.1:445
-
10.127.181.1:445
-
10.127.182.1:445
-
10.127.183.1:445
-
10.127.184.1:445
-
10.127.185.1:445
-
10.127.186.1:445
-
10.127.187.1:445
-
10.127.188.1:445
-
10.127.189.1:445
-
119.153.23.168:445 -
10.127.190.1:445
-
6.253.12.55:445
-
102.66.237.150:445
-
112.3.181.104:445
-
4.194.37.234:445 -
180.185.217.208:445
-
24.135.44.251:445 -
17.189.193.133:445
-
98.91.125.242:445
-
114.146.161.115:445
-
217.228.239.204:445
-
221.134.69.16:445
-
121.4.92.113:445
-
36.187.71.195:445
-
212.66.61.170:445 -
91.80.156.110:445 -
80.215.76.43:445
-
81.194.58.98:445
-
51.176.153.36:445
-
59.124.252.29:445
-
10.127.191.1:445
-
10.127.192.1:445
-
10.127.193.1:445
-
10.127.194.1:445
-
10.127.195.1:445
-
10.127.196.1:445
-
10.127.197.1:445
-
10.127.198.1:445
-
10.127.199.1:445
-
10.127.200.1:445
-
10.127.201.1:445
-
10.127.202.1:445
-
10.127.203.1:445
-
10.127.204.1:445
-
10.127.205.1:445
-
10.127.206.1:445
-
10.127.207.1:445
-
10.127.208.1:445
-
10.127.209.1:445
-
10.127.210.1:445
-
157.112.116.232:445
-
79.70.59.217:445
-
193.51.75.59:445
-
157.231.139.215:445
-
194.6.165.236:445 -
174.168.152.221:445
-
217.250.110.163:445
-
161.102.123.201:445
-
78.31.75.134:445
-
197.7.133.72:445 -
10.127.211.1:445
-
10.127.212.1:445
-
10.127.213.1:445
-
10.127.214.1:445
-
10.127.215.1:445
-
10.127.216.1:445
-
10.127.217.1:445
-
10.127.218.1:445
-
10.127.219.1:445
-
3.146.153.89:445
-
10.127.220.1:445
-
19.165.233.202:445
-
10.127.221.1:445
-
120.59.69.225:445
-
10.127.222.1:445
-
70.99.178.77:445
-
2.103.138.133:445
-
10.127.223.1:445
-
10.127.224.1:445
-
10.127.225.1:445
-
168.138.30.235:445
-
10.127.226.1:445
-
20.166.25.157:445 -
10.127.227.1:445
-
10.127.228.1:445
-
10.127.229.1:445
-
68.60.209.143:445
-
10.127.230.1:445
-
71.110.144.16:445
-
54.126.16.64:445
-
22.239.42.104:445
-
38.101.246.104:445
-
91.164.85.108:445
-
10.198.67.43:445
-
33.153.178.52:445
-
112.251.105.222:445
-
89.146.176.209:445 -
98.64.179.41:445
-
95.159.2.240:445 -
12.228.244.241:445
-
142.198.187.149:445
-
5.107.252.139:445 -
172.27.225.148:445
-
10.127.231.1:445
-
10.127.232.1:445
-
10.127.233.1:445
-
10.127.234.1:445
-
10.127.235.1:445
-
10.127.236.1:445
-
10.127.237.1:445
-
10.127.238.1:445
-
10.127.239.1:445
-
10.127.240.1:445
-
10.127.241.1:445
-
194.139.26.115:445
-
160.22.62.153:445 -
10.127.242.1:445
-
37.74.54.131:445
-
184.82.25.104:445 -
10.127.243.1:445
-
15.22.186.250:445
-
10.127.244.1:445
-
210.109.198.155:445
-
110.141.25.154:445
-
10.127.245.1:445
-
10.127.246.1:445
-
10.127.247.1:445
-
207.165.64.215:445
-
10.127.248.1:445
-
87.0.200.166:445
-
10.127.249.1:445
-
10.127.250.1:445
-
12.134.89.239:445
-
10.127.251.1:445
-
21.104.3.85:445
-
177.140.59.110:445
-
33.148.156.5:445
-
5.28.132.160:445 -
107.194.79.189:445
-
156.102.177.163:445
-
145.90.113.233:445
-
10.127.252.1:445
-
106.36.93.211:445
-
222.38.22.71:445
-
130.42.3.106:445
-
175.24.129.12:445
-
110.76.130.191:445 -
82.60.119.193:445
-
78.206.187.220:445
-
10.127.253.1:445
-
10.127.254.1:445
-
10.127.255.1:445
-
10.127.0.2:445
-
10.127.1.2:445
-
10.127.2.2:445
-
10.127.3.2:445
-
10.127.4.2:445
-
10.127.5.2:445
-
10.127.6.2:445
-
14.79.236.33:445
-
10.127.7.2:445
-
35.3.59.59:445
-
92.185.25.232:445 -
202.82.204.75:445
-
4.131.100.16:445
-
10.127.8.2:445
-
135.174.93.152:445
-
178.153.250.28:445 -
10.127.9.2:445
-
109.162.161.71:445
-
10.127.10.2:445
-
53.173.172.132:445
-
25.105.36.17:445
-
10.127.11.2:445
-
10.127.12.2:445
-
20.109.83.230:445
-
10.127.13.2:445
-
134.123.22.94:445
-
10.127.14.2:445
-
174.9.74.216:445
-
96.135.19.174:445
-
173.105.54.237:445
-
114.6.184.44:445
-
202.103.201.137:445
-
160.30.124.197:445
-
166.126.190.80:445
-
26.251.13.69:445
-
102.207.90.63:445 -
10.42.155.1:445
-
102.82.125.64:445 -
32.30.32.239:445
-
165.26.177.195:445
-
168.190.146.89:445
-
110.178.200.161:445
-
10.127.15.2:445
-
10.127.16.2:445
-
10.127.17.2:445
-
10.127.18.2:445
-
10.127.19.2:445
-
10.127.20.2:445
-
10.127.21.2:445
-
10.127.22.2:445
-
10.127.23.2:445
-
10.127.24.2:445
-
10.127.25.2:445
-
2.106.23.196:445 -
10.127.26.2:445
-
10.127.27.2:445
-
206.171.150.211:445
-
10.127.28.2:445
-
215.14.172.151:445
-
10.127.29.2:445
-
188.189.173.74:445 -
161.197.83.39:445
-
212.252.195.25:445
-
82.38.136.167:445
-
10.127.30.2:445
-
99.189.22.9:445
-
79.240.0.162:445
-
10.127.31.2:445
-
8.8.8.8:53www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comdns
DNS Request
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
DNS Response
104.16.166.228104.16.167.228
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.6MB
MD520824bfa05275a0452726aafbfe0b044
SHA1e448d74c9b8d5528a41de6e77e9f54923890c835
SHA256f8266664ff38fe40c85c2f89024ae5800b8f31ac04c1532f28a890672608e811
SHA512ffc86b3d8fb73a6de232231aeb5ec054cc4afd4403635a54a987ba962c9aecd5b6a75eebaf40eaa6d5fac868cbc78f3d5e7a3a4139c90f3e5b675cf59e3b1c52
-
Filesize
3.4MB
MD57f7ccaa16fb15eb1c7399d422f8363e8
SHA1bd44d0ab543bf814d93b719c24e90d8dd7111234
SHA2562584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd
SHA51283e334b80de08903cfa9891a3fa349c1ece7e19f8e62b74a017512fa9a7989a0fd31929bf1fc13847bee04f2da3dacf6bc3f5ee58f0e4b9d495f4b9af12ed2b7