Analysis
max time kernel: 80s
max time network: 34s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 24/04/2023, 13:31
Static task: static1
Behavioral task: behavioral1
  Sample: jskqdhkqsjndbhkjsqhd.mp4
  Resource: win7-20230220-en
  6 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: jskqdhkqsjndbhkjsqhd.mp4
  Resource: win10v2004-20230220-en
  3 signatures
  150 seconds
General
Target: jskqdhkqsjndbhkjsqhd.mp4
Size: 66.8MB
MD5: 6215e191bd6a6cb1f29d8b0bec90e04e
SHA1: a531d582c4f73e4629903bfc21729c00754c93b9
SHA256: 26084484651332f81546ae5bbcaaa3048ce621074a6bd81eae1e65622f2d6b1c
SHA512: 7160247c42968edb9fcd19dc54dbcfdbe370b09fa30e24287798a9cb7cac24b5339d3204e7922b3257c10a12d13872c89cfd05c4304cb74ff62a57e16f47a725
SSDEEP: 1572864:21/2yZWJJDDfc7xokcxPHQ2Ld9yuFe4BbF/df6:21+yZWLDbca//zdYuFeW1S
Score: 1/10
Malware Config
Signatures
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid 1224, process vlc.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 1224, process vlc.exe
Suspicious use of AdjustPrivilegeToken (6 IoCs)
  description, pid, process:
  Token: 33, 1200, AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege, 1200, AUDIODG.EXE
  Token: 33, 1200, AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege, 1200, AUDIODG.EXE
  Token: 33, 1224, vlc.exe
  Token: SeIncBasePriorityPrivilege, 1224, vlc.exe
Suspicious use of FindShellTrayWindow (39 IoCs)
  pid 1224, process vlc.exe (listed 39 times)
Suspicious use of SendNotifyMessage (9 IoCs)
  pid 1224, process vlc.exe (listed 9 times)
Suspicious use of SetWindowsHookEx (1 IoCs)
  pid 1224, process vlc.exe
Processes
C:\Program Files\VideoLAN\VLC\vlc.exe (PID: 1224)
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\jskqdhkqsjndbhkjsqhd.mp4"
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
C:\Windows\system32\AUDIODG.EXE (PID: 1200)
  C:\Windows\system32\AUDIODG.EXE 0x564
  - Suspicious use of AdjustPrivilegeToken