Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

ItsOnFire.apk

android-9-x86

ItsOnFire.apk

android-10-x64

ItsOnFire.apk

android-11-x64

1

baseline.prof

windows7-x64

3

baseline.prof

windows10-2004-x64

3

baseline.profm

windows7-x64

3

baseline.profm

windows10-2004-x64

3

damageshelter.ogg

windows7-x64

1

damageshelter.ogg

windows10-2004-x64

7

invaderexplode.ogg

windows7-x64

1

invaderexplode.ogg

windows10-2004-x64

7

oh.ogg

windows7-x64

1

oh.ogg

windows10-2004-x64

7

playerexplode.ogg

windows7-x64

1

playerexplode.ogg

windows10-2004-x64

7

shoot.ogg

windows7-x64

1

shoot.ogg

windows10-2004-x64

7

uh.ogg

windows7-x64

1

uh.ogg

windows10-2004-x64

7

Resubmissions

03/10/2023, 14:56

231003-sbdm7scb8z 7

03/10/2023, 14:35

231003-rx4abadf82 7

02/10/2023, 22:39

231002-2k417afa8s 7

02/10/2023, 21:20

231002-z68v6aeg3z 7

Analysis

  • max time kernel
    141s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2023, 14:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    oh.ogg

  • Size

    10KB

  • MD5

    cfe9690ba3e211c18e62c72fd79eef19

  • SHA1

    7abe861a5152f09f9e787e82a1db82a1deac157b

  • SHA256

    18e02aec04c077843b0deee0ffffc2199d413da7e2058c5f121f65bfc184e8c2

  • SHA512

    1beb6ca6ee6026eff9cda637f0cf2694521de95056938d6f142f38d103610d227b1b3e2b13e05e5d1f5cd056d5de54bc86285746a46c613154612994bb98c6b8

  • SSDEEP

    192:umP9hVauKEoLHMb+Etefm0+7UXtztAzyTLu8:umVhmbwbxtm3Zyu

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\oh.ogg
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:412
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\oh.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4716
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x43c 0x468
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4496

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4716-5-0x00007FF735680000-0x00007FF735778000-memory.dmp

    Filesize

    992KB

    Download

  • memory/4716-6-0x00007FFADEFC0000-0x00007FFADEFF4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/4716-7-0x00007FFADA470000-0x00007FFADA724000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4716-9-0x00007FFADE300000-0x00007FFADE317000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4716-10-0x00007FFADE2E0000-0x00007FFADE2F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-8-0x00007FFADEBB0000-0x00007FFADEBC8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4716-11-0x00007FFADAE80000-0x00007FFADAE97000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4716-12-0x00007FFADAE60000-0x00007FFADAE71000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-13-0x00007FFADAE40000-0x00007FFADAE5D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/4716-14-0x00007FFADAE20000-0x00007FFADAE31000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-15-0x00007FFACFC70000-0x00007FFACFE70000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4716-16-0x00007FFADADE0000-0x00007FFADAE1F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4716-17-0x00007FFACEBC0000-0x00007FFACFC6B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/4716-18-0x00007FFADADB0000-0x00007FFADADD1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4716-19-0x00007FFAD5580000-0x00007FFAD5598000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4716-20-0x00007FFACEBA0000-0x00007FFACEBB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-21-0x00007FFACEA80000-0x00007FFACEA91000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-22-0x00007FFACEA60000-0x00007FFACEA71000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-24-0x00007FFACEA00000-0x00007FFACEA11000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-23-0x00007FFACEA20000-0x00007FFACEA3B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4716-25-0x00007FFACE920000-0x00007FFACE938000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4716-26-0x00007FFACE8F0000-0x00007FFACE920000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4716-27-0x00007FFACE880000-0x00007FFACE8E7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4716-28-0x00007FFACE810000-0x00007FFACE87F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/4716-30-0x00007FFACE790000-0x00007FFACE7EC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/4716-31-0x00007FFACE570000-0x00007FFACE5C6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4716-32-0x00007FFACE540000-0x00007FFACE568000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4716-29-0x00007FFACE7F0000-0x00007FFACE801000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-33-0x00007FFACE510000-0x00007FFACE534000-memory.dmp

    Filesize

    144KB

    Download

  • memory/4716-34-0x00007FFACE4F0000-0x00007FFACE507000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4716-35-0x00007FFACE4C0000-0x00007FFACE4E3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4716-36-0x00007FFACE4A0000-0x00007FFACE4B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-37-0x00007FFACE480000-0x00007FFACE492000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4716-38-0x00007FFACE450000-0x00007FFACE471000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4716-39-0x00007FFACE430000-0x00007FFACE443000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4716-40-0x00007FFACE2B0000-0x00007FFACE428000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4716-42-0x00007FFADEC20000-0x00007FFADEC30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4716-41-0x00007FFACE290000-0x00007FFACE2A7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4716-43-0x00007FFACE000000-0x00007FFACE02F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4716-44-0x00007FFACDFE0000-0x00007FFACDFF1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-45-0x00007FFACDFC0000-0x00007FFACDFD6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4716-47-0x00007FFACD390000-0x00007FFACD3A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-48-0x00007FFACD370000-0x00007FFACD382000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4716-46-0x00007FFACDFA0000-0x00007FFACDFB5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4716-49-0x00007FFACD1F0000-0x00007FFACD36A000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4716-50-0x00007FFACD1D0000-0x00007FFACD1E3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4716-52-0x00007FFACD190000-0x00007FFACD1A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-53-0x00007FFACD170000-0x00007FFACD181000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-51-0x00007FFACD1B0000-0x00007FFACD1C4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4716-54-0x00007FFACD150000-0x00007FFACD161000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4716-55-0x00007FFACD130000-0x00007FFACD146000-memory.dmp

    Filesize

    88KB

    Download