Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

ItsOnFire.apk

android-9-x86

ItsOnFire.apk

android-10-x64

ItsOnFire.apk

android-11-x64

1

baseline.prof

windows7-x64

3

baseline.prof

windows10-2004-x64

3

baseline.profm

windows7-x64

3

baseline.profm

windows10-2004-x64

3

damageshelter.ogg

windows7-x64

1

damageshelter.ogg

windows10-2004-x64

7

invaderexplode.ogg

windows7-x64

1

invaderexplode.ogg

windows10-2004-x64

7

oh.ogg

windows7-x64

1

oh.ogg

windows10-2004-x64

7

playerexplode.ogg

windows7-x64

1

playerexplode.ogg

windows10-2004-x64

7

shoot.ogg

windows7-x64

1

shoot.ogg

windows10-2004-x64

7

uh.ogg

windows7-x64

1

uh.ogg

windows10-2004-x64

7

Resubmissions

03/10/2023, 14:56

231003-sbdm7scb8z 7

03/10/2023, 14:35

231003-rx4abadf82 7

02/10/2023, 22:39

231002-2k417afa8s 7

02/10/2023, 21:20

231002-z68v6aeg3z 7

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2023, 22:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    damageshelter.ogg

  • Size

    16KB

  • MD5

    26df32d00fe1e5a754c43590eca08b8a

  • SHA1

    e2061ea74213ee1fa73e62f4cb00e5ca2d498b17

  • SHA256

    49eff40d58068528f8a4aeaef67027fa308f3d4b75a8e5e1c572d1fbfa5f710d

  • SHA512

    94e9859be87afd04b7eb4347530f00d54cd9e7f6e80d545fbc374374dbfb100a39997ecd4f4af09bfda5e4a4635f48dcac85abc833724728df3a4f04d0bfe899

  • SSDEEP

    192:XKv+FWxZknNi8XWWwbMIbkrk7lQ719rm663DIIIIIxyIIIII+ZF2HU39n8HUqUTa:XKqWQUCMb6k7iBZ634SIw9nrYvws

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\damageshelter.ogg
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3336
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\damageshelter.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4948
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3d4 0x4ec
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4948-5-0x00007FF735680000-0x00007FF735778000-memory.dmp

    Filesize

    992KB

    Download

  • memory/4948-6-0x00007FFADE330000-0x00007FFADE364000-memory.dmp

    Filesize

    208KB

    Download

  • memory/4948-7-0x00007FFADA470000-0x00007FFADA724000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4948-8-0x00007FFADEFC0000-0x00007FFADEFD8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4948-9-0x00007FFADE310000-0x00007FFADE327000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4948-11-0x00007FFADE2D0000-0x00007FFADE2E7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4948-10-0x00007FFADE2F0000-0x00007FFADE301000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-12-0x00007FFADADA0000-0x00007FFADADB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-13-0x00007FFADAC80000-0x00007FFADAC9D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/4948-14-0x00007FFADAC60000-0x00007FFADAC71000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-15-0x00007FFACFB50000-0x00007FFACFD50000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4948-16-0x00007FFACEAA0000-0x00007FFACFB4B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/4948-17-0x00007FFACE9F0000-0x00007FFACEA2F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4948-18-0x00007FFADAC30000-0x00007FFADAC51000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4948-19-0x00007FFAD5580000-0x00007FFAD5598000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4948-20-0x00007FFACE9D0000-0x00007FFACE9E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-22-0x00007FFACE990000-0x00007FFACE9A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-21-0x00007FFACE9B0000-0x00007FFACE9C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-23-0x00007FFACE970000-0x00007FFACE98B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4948-24-0x00007FFACE950000-0x00007FFACE961000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-25-0x00007FFACE930000-0x00007FFACE948000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4948-26-0x00007FFACE900000-0x00007FFACE930000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4948-27-0x00007FFACE890000-0x00007FFACE8F7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4948-28-0x00007FFACE820000-0x00007FFACE88F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/4948-30-0x00007FFACE7A0000-0x00007FFACE7FC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/4948-29-0x00007FFACE800000-0x00007FFACE811000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-31-0x00007FFACE740000-0x00007FFACE796000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4948-39-0x00007FFACE600000-0x00007FFACE613000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4948-40-0x00007FFACE480000-0x00007FFACE5F8000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4948-38-0x00007FFACE620000-0x00007FFACE641000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4948-41-0x00007FFACE0F0000-0x00007FFACE107000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4948-43-0x00007FFACE250000-0x00007FFACE27F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4948-42-0x00007FFADEC20000-0x00007FFADEC30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4948-37-0x00007FFACE650000-0x00007FFACE662000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4948-44-0x00007FFACE230000-0x00007FFACE241000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-36-0x00007FFACE670000-0x00007FFACE681000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-35-0x00007FFACE690000-0x00007FFACE6B3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4948-45-0x00007FFACE210000-0x00007FFACE226000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4948-34-0x00007FFACE6C0000-0x00007FFACE6D7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4948-47-0x00007FFADEF10000-0x00007FFADEF21000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-46-0x00007FFACE1F0000-0x00007FFACE205000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4948-33-0x00007FFACE6E0000-0x00007FFACE704000-memory.dmp

    Filesize

    144KB

    Download

  • memory/4948-32-0x00007FFACE710000-0x00007FFACE738000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4948-48-0x00007FFADEEF0000-0x00007FFADEF02000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4948-49-0x00007FFACD8A0000-0x00007FFACDA1A000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4948-51-0x00007FFADEEB0000-0x00007FFADEEC4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4948-52-0x00007FFADEE90000-0x00007FFADEEA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-53-0x00007FFADEE70000-0x00007FFADEE81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-50-0x00007FFADEED0000-0x00007FFADEEE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4948-54-0x00007FFACE160000-0x00007FFACE171000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-55-0x00007FFACE140000-0x00007FFACE156000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4948-67-0x00007FFACEAA0000-0x00007FFACFB4B000-memory.dmp

    Filesize

    16.7MB

    Download