Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
03/10/2023, 14:56
231003-sbdm7scb8z 703/10/2023, 14:35
231003-rx4abadf82 702/10/2023, 22:39
231002-2k417afa8s 702/10/2023, 21:20
231002-z68v6aeg3z 7Analysis
-
max time kernel
159s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
03/10/2023, 14:35
General
-
Target
damageshelter.ogg
-
Size
16KB
-
MD5
26df32d00fe1e5a754c43590eca08b8a
-
SHA1
e2061ea74213ee1fa73e62f4cb00e5ca2d498b17
-
SHA256
49eff40d58068528f8a4aeaef67027fa308f3d4b75a8e5e1c572d1fbfa5f710d
-
SHA512
94e9859be87afd04b7eb4347530f00d54cd9e7f6e80d545fbc374374dbfb100a39997ecd4f4af09bfda5e4a4635f48dcac85abc833724728df3a4f04d0bfe899
-
SSDEEP
192:XKv+FWxZknNi8XWWwbMIbkrk7lQ719rm663DIIIIIxyIIIII+ZF2HU39n8HUqUTa:XKqWQUCMb6k7iBZ634SIw9nrYvws
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 8 IoCs
-
Suspicious use of SendNotifyMessage 7 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\damageshelter.ogg1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\damageshelter.ogg"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4f0 0x3f41⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
992KB
-
Filesize
208KB
-
Filesize
2.7MB
-
Filesize
96KB
-
Filesize
92KB
-
Filesize
68KB
-
Filesize
92KB
-
Filesize
68KB
-
Filesize
116KB
-
Filesize
68KB
-
Filesize
2.0MB
-
Filesize
16.7MB
-
Filesize
132KB
-
Filesize
68KB
-
Filesize
96KB
-
Filesize
252KB
-
Filesize
68KB
-
Filesize
108KB
-
Filesize
68KB
-
Filesize
192KB
-
Filesize
96KB
-
Filesize
68KB
-
Filesize
412KB
-
Filesize
444KB
-
Filesize
68KB
-
Filesize
368KB
-
Filesize
344KB
-
Filesize
160KB
-
Filesize
92KB
-
Filesize
144KB
-
Filesize
140KB
-
Filesize
68KB
-
Filesize
72KB
-
Filesize
132KB
-
Filesize
76KB
-
Filesize
1.5MB
-
Filesize
92KB
-
Filesize
64KB
-
Filesize
188KB
-
Filesize
68KB
-
Filesize
88KB
-
Filesize
84KB
-
Filesize
68KB
-
Filesize
72KB
-
Filesize
1.5MB
-
Filesize
88KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
80KB
-
Filesize
76KB