Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
7ItsOnFire.apk
android-9-x86
ItsOnFire.apk
android-10-x64
ItsOnFire.apk
android-11-x64
1baseline.prof
windows7-x64
3baseline.prof
windows10-2004-x64
3baseline.profm
windows7-x64
3baseline.profm
windows10-2004-x64
3damageshelter.ogg
windows7-x64
1damageshelter.ogg
windows10-2004-x64
7invaderexplode.ogg
windows7-x64
1invaderexplode.ogg
windows10-2004-x64
7oh.ogg
windows7-x64
1oh.ogg
windows10-2004-x64
7playerexplode.ogg
windows7-x64
1playerexplode.ogg
windows10-2004-x64
7shoot.ogg
windows7-x64
1shoot.ogg
windows10-2004-x64
7uh.ogg
windows7-x64
1uh.ogg
windows10-2004-x64
7Resubmissions
03/10/2023, 14:56
231003-sbdm7scb8z 703/10/2023, 14:35
231003-rx4abadf82 702/10/2023, 22:39
231002-2k417afa8s 702/10/2023, 21:20
231002-z68v6aeg3z 7Analysis
-
max time kernel
142s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
03/10/2023, 14:35
Static task
static1
Behavioral task
behavioral1
Sample
ItsOnFire.apk
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral2
Sample
ItsOnFire.apk
Resource
android-x64-20230831-en
Behavioral task
behavioral3
Sample
ItsOnFire.apk
Resource
android-x64-arm64-20230831-en
Behavioral task
behavioral4
Sample
baseline.prof
Resource
win7-20230831-en
Behavioral task
behavioral5
Sample
baseline.prof
Resource
win10v2004-20230915-en
Behavioral task
behavioral6
Sample
baseline.profm
Resource
win7-20230831-en
Behavioral task
behavioral7
Sample
baseline.profm
Resource
win10v2004-20230915-en
Behavioral task
behavioral8
Sample
damageshelter.ogg
Resource
win7-20230831-en
Behavioral task
behavioral9
Sample
damageshelter.ogg
Resource
win10v2004-20230915-en
Behavioral task
behavioral10
Sample
invaderexplode.ogg
Resource
win7-20230831-en
Behavioral task
behavioral11
Sample
invaderexplode.ogg
Resource
win10v2004-20230915-en
Behavioral task
behavioral12
Sample
oh.ogg
Resource
win7-20230831-en
Behavioral task
behavioral13
Sample
oh.ogg
Resource
win10v2004-20230915-en
Behavioral task
behavioral14
Sample
playerexplode.ogg
Resource
win7-20230831-en
Behavioral task
behavioral15
Sample
playerexplode.ogg
Resource
win10v2004-20230915-en
Behavioral task
behavioral16
Sample
shoot.ogg
Resource
win7-20230831-en
Behavioral task
behavioral17
Sample
shoot.ogg
Resource
win10v2004-20230915-en
Behavioral task
behavioral18
Sample
uh.ogg
Resource
win7-20230831-en
Behavioral task
behavioral19
Sample
uh.ogg
Resource
win10v2004-20230915-en
General
-
Target
damageshelter.ogg
-
Size
16KB
-
MD5
26df32d00fe1e5a754c43590eca08b8a
-
SHA1
e2061ea74213ee1fa73e62f4cb00e5ca2d498b17
-
SHA256
49eff40d58068528f8a4aeaef67027fa308f3d4b75a8e5e1c572d1fbfa5f710d
-
SHA512
94e9859be87afd04b7eb4347530f00d54cd9e7f6e80d545fbc374374dbfb100a39997ecd4f4af09bfda5e4a4635f48dcac85abc833724728df3a4f04d0bfe899
-
SSDEEP
192:XKv+FWxZknNi8XWWwbMIbkrk7lQ719rm663DIIIIIxyIIIII+ZF2HU39n8HUqUTa:XKqWQUCMb6k7iBZ634SIw9nrYvws
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 3052 vlc.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3052 vlc.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: 33 3052 vlc.exe Token: SeIncBasePriorityPrivilege 3052 vlc.exe -
Suspicious use of FindShellTrayWindow 9 IoCs
pid Process 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe -
Suspicious use of SendNotifyMessage 8 IoCs
pid Process 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe 3052 vlc.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3052 vlc.exe
Processes
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\damageshelter.ogg"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3052