Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

Undertale/...43.dll

windows7-x64

1

Undertale/...43.dll

windows10-2004-x64

1

Undertale/...il.dll

windows7-x64

1

Undertale/...il.dll

windows10-2004-x64

1

Undertale/...LE.exe

windows7-x64

3

Undertale/...LE.exe

windows10-2004-x64

6

Undertale/UTES_v1.exe

windows7-x64

3

Undertale/UTES_v1.exe

windows10-2004-x64

4

Undertale/lua5.1.dll

windows7-x64

3

Undertale/lua5.1.dll

windows10-2004-x64

3

Undertale/...me.ogg

windows7-x64

1

Undertale/...me.ogg

windows10-2004-x64

7

Undertale/...re.ogg

windows7-x64

1

Undertale/...re.ogg

windows10-2004-x64

7

Undertale/...ll.ogg

windows7-x64

1

Undertale/...ll.ogg

windows10-2004-x64

7

Undertale/...et.ogg

windows7-x64

1

Undertale/...et.ogg

windows10-2004-x64

7

Undertale/..._a.ogg

windows7-x64

1

Undertale/..._a.ogg

windows10-2004-x64

7

Undertale/..._b.ogg

windows7-x64

1

Undertale/..._b.ogg

windows10-2004-x64

7

Undertale/...ck.ogg

windows7-x64

1

Undertale/...ck.ogg

windows10-2004-x64

7

Undertale/..._3.ogg

windows7-x64

1

Undertale/..._3.ogg

windows10-2004-x64

7

Undertale/...ng.ogg

windows7-x64

1

Undertale/...ng.ogg

windows10-2004-x64

7

Undertale/...ia.ogg

windows7-x64

1

Undertale/...ia.ogg

windows10-2004-x64

7

Undertale/..._c.ogg

windows7-x64

1

Undertale/..._c.ogg

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2023, 00:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Undertale/mus_waterquiet.ogg

  • Size

    237KB

  • MD5

    e62ba6eba4d5351d526c9b10ccc595dc

  • SHA1

    a2b49fdf1ce15f75809a58e5514584e0a9c6aade

  • SHA256

    38c9bcb1338b4bead4b60489e41d75ccb60f222f804ffc4218d7e12a53cb3c94

  • SHA512

    71525e980dada0a29c041aa7a7c8e682a71b440fbd4d3e2efdf8ba8f6458c9262bb681a6ecc3ae91eac9f5e753f50e40c9b0b9d7d057100ad5a828701c441172

  • SSDEEP

    6144:a+ndlkYEnGpqZdNzL6GoWRH0u5XVL4dI+/8lnzE0gXi0yK:a6B5u3mG1WKV8I+/8tPEig

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Undertale\mus_waterquiet.ogg
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Undertale\mus_waterquiet.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4616
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x304 0x510
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3844

Network

  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    84.150.43.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    84.150.43.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    37.146.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    37.146.190.20.in-addr.arpa
    IN PTR
    Response
    37.146.190.20.in-addr.arpa
    IN CNAME
    37.0-26.146.190.20.in-addr.arpa
  • flag-us
    DNS
    199.176.139.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    199.176.139.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.104.205.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.104.205.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.192.144.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.192.144.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    226.101.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.101.242.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    177.17.30.184.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    177.17.30.184.in-addr.arpa
    IN PTR
    Response
    177.17.30.184.in-addr.arpa
    IN PTR
    a184-30-17-177deploystaticakamaitechnologiescom
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    164.2.77.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    164.2.77.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.3.197.209.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.3.197.209.in-addr.arpa
    IN PTR
    Response
    8.3.197.209.in-addr.arpa
    IN PTR
    vip0x008map2sslhwcdnnet
  • flag-us
    DNS
    99.113.223.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    99.113.223.173.in-addr.arpa
    IN PTR
    Response
    99.113.223.173.in-addr.arpa
    IN PTR
    a173-223-113-99deploystaticakamaitechnologiescom
  • flag-us
    DNS
    113.66.64.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    113.66.64.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    250.255.255.239.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    250.255.255.239.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    254.136.241.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.136.241.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.232.18.117.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.232.18.117.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    1.202.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.202.248.87.in-addr.arpa
    IN PTR
    Response
    1.202.248.87.in-addr.arpa
    IN PTR
    https-87-248-202-1amsllnwnet
  • flag-us
    DNS
    1.202.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.202.248.87.in-addr.arpa
    IN PTR
    Response
    1.202.248.87.in-addr.arpa
    IN PTR
    https-87-248-202-1amsllnwnet
  • flag-us
    DNS
    32.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.134.221.88.in-addr.arpa
    IN PTR
    Response
    32.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-32deploystaticakamaitechnologiescom
  • flag-us
    DNS
    32.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.134.221.88.in-addr.arpa
    IN PTR
    Response
    32.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-32deploystaticakamaitechnologiescom
  • flag-us
    DNS
    254.130.255.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.130.255.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    254.130.255.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.130.255.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.4.107.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.4.107.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.232.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.232.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.232.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.232.229.192.in-addr.arpa
    IN PTR
    Response
  • 20.189.173.9:443
    322 B
     7
  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    84.150.43.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    84.150.43.20.in-addr.arpa

  • 8.8.8.8:53
    37.146.190.20.in-addr.arpa
    dns
    72 B
     168 B
     1
    1

    DNS Request

    37.146.190.20.in-addr.arpa

  • 8.8.8.8:53
    199.176.139.52.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    199.176.139.52.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    58.104.205.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    58.104.205.20.in-addr.arpa

  • 8.8.8.8:53
    86.192.144.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    86.192.144.4.in-addr.arpa

  • 8.8.8.8:53
    226.101.242.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    226.101.242.52.in-addr.arpa

  • 8.8.8.8:53
    177.17.30.184.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    177.17.30.184.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    164.2.77.40.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    164.2.77.40.in-addr.arpa

  • 8.8.8.8:53
    8.3.197.209.in-addr.arpa
    dns
    70 B
     111 B
     1
    1

    DNS Request

    8.3.197.209.in-addr.arpa

  • 8.8.8.8:53
    99.113.223.173.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    99.113.223.173.in-addr.arpa

  • 8.8.8.8:53
    113.66.64.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    113.66.64.40.in-addr.arpa

  • 8.8.8.8:53
    250.255.255.239.in-addr.arpa
    dns
    74 B
     131 B
     1
    1

    DNS Request

    250.255.255.239.in-addr.arpa

  • 8.8.8.8:53
    254.136.241.8.in-addr.arpa
    dns
    72 B
     126 B
     1
    1

    DNS Request

    254.136.241.8.in-addr.arpa

  • 8.8.8.8:53
    240.232.18.117.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.232.18.117.in-addr.arpa

  • 8.8.8.8:53
    1.202.248.87.in-addr.arpa
    dns
    142 B
     232 B
     2
    2

    DNS Request

    1.202.248.87.in-addr.arpa

    DNS Request

    1.202.248.87.in-addr.arpa

  • 8.8.8.8:53
    32.134.221.88.in-addr.arpa
    dns
    144 B
     274 B
     2
    2

    DNS Request

    32.134.221.88.in-addr.arpa

    DNS Request

    32.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    254.130.255.8.in-addr.arpa
    dns
    144 B
     252 B
     2
    2

    DNS Request

    254.130.255.8.in-addr.arpa

    DNS Request

    254.130.255.8.in-addr.arpa

  • 8.8.8.8:53
    50.4.107.13.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.4.107.13.in-addr.arpa

  • 8.8.8.8:53
    240.232.229.192.in-addr.arpa
    dns
    148 B
     290 B
     2
    2

    DNS Request

    240.232.229.192.in-addr.arpa

    DNS Request

    240.232.229.192.in-addr.arpa

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3844-175-0x0000024D60A30000-0x0000024D60C38000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3844-176-0x0000024D60F20000-0x0000024D60F8B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/4616-166-0x00007FFB18B70000-0x00007FFB18B80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4616-157-0x00007FFB06490000-0x00007FFB064A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4616-143-0x00007FFB0F0E0000-0x00007FFB0F0F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4616-145-0x00007FFB078B0000-0x00007FFB078C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4616-146-0x00007FFB07890000-0x00007FFB078AD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/4616-148-0x00007FFB07670000-0x00007FFB07870000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4616-147-0x00007FFB07870000-0x00007FFB07881000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4616-144-0x00007FFB078D0000-0x00007FFB078E7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4616-141-0x00007FFB0FA40000-0x00007FFB0FA58000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4616-156-0x00007FFB064B0000-0x00007FFB064CB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4616-151-0x00007FFB06550000-0x00007FFB06571000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4616-160-0x00007FFB063D0000-0x00007FFB06437000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4616-158-0x00007FFB06470000-0x00007FFB06488000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4616-162-0x00007FFB06340000-0x00007FFB06351000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4616-161-0x00007FFB06360000-0x00007FFB063CF000-memory.dmp

    Filesize

    444KB

    Download

  • memory/4616-163-0x00007FFB062E0000-0x00007FFB0633C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/4616-164-0x00007FFB06160000-0x00007FFB062D8000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4616-165-0x00007FFB06140000-0x00007FFB06157000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4616-142-0x00007FFB0F450000-0x00007FFB0F467000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4616-138-0x00007FF7360B0000-0x00007FF7361A8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/4616-149-0x00007FFB065C0000-0x00007FFB0766B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/4616-155-0x00007FFB064D0000-0x00007FFB064E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4616-167-0x00007FFB05DC0000-0x00007FFB05DEF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4616-154-0x00007FFB064F0000-0x00007FFB06501000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4616-169-0x00007FFB05D80000-0x00007FFB05D96000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4616-168-0x00007FFB05DA0000-0x00007FFB05DB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4616-170-0x00007FFB05CB0000-0x00007FFB05D75000-memory.dmp

    Filesize

    788KB

    Download

  • memory/4616-172-0x00007FFB05720000-0x00007FFB05731000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4616-173-0x00007FFB05700000-0x00007FFB05712000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4616-174-0x00007FFB05580000-0x00007FFB056FA000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4616-171-0x00007FFB05C90000-0x00007FFB05CA5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4616-153-0x00007FFB06510000-0x00007FFB06521000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4616-159-0x00007FFB06440000-0x00007FFB06470000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4616-152-0x00007FFB06530000-0x00007FFB06548000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4616-150-0x00007FFB06580000-0x00007FFB065BF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4616-140-0x00007FFB07B90000-0x00007FFB07E44000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4616-139-0x00007FFB08950000-0x00007FFB08984000-memory.dmp

    Filesize

    208KB

    Download

  • memory/4616-188-0x00007FFB065C0000-0x00007FFB0766B000-memory.dmp

    Filesize

    16.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.