Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

14/01/2023, 04:31

230114-e5ekpsdg41 6

14/01/2023, 04:26

230114-e2yjeahh36 6

Analysis

  • max time kernel
    55s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    14/01/2023, 04:31

General

  • Target

    https://discordapp.com/ra/DTJRDv-wLnT68qcxz8UWv7hRwmNO9uH5S2DKf_-DonY

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://discordapp.com/ra/DTJRDv-wLnT68qcxz8UWv7hRwmNO9uH5S2DKf_-DonY
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:888
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:888 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1368
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PushUnblock.mp4"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:784
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnlockMerge.asx"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:652

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

    Filesize

    304B

    MD5

    781602441469750c3219c8c38b515ed4

    SHA1

    e885acd1cbd0b897ebcedbb145bef1c330f80595

    SHA256

    81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

    SHA512

    2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

  • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

    Filesize

    531B

    MD5

    f06faf4310cb4783f0dac449c3464b1c

    SHA1

    be312f72f1284b25ba4b73737e62f05c2e127e3b

    SHA256

    b4a30a3cb28ca8de8b6f57499ea068204e91471c3183988486e1d3d0499df6cc

    SHA512

    5069697999600c36d45e99f5edacf789ebe6c62f142970eb09790a3e038f4fac834a11bfa613ded23640326b3dfba4e9d263411c51578c4212d14b696608cd1c

  • memory/784-54-0x000007FEFC3C1000-0x000007FEFC3C3000-memory.dmp

    Filesize

    8KB