Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

ItsOnFire.apk

android-9-x86

ItsOnFire.apk

android-10-x64

ItsOnFire.apk

android-11-x64

1

baseline.prof

windows7-x64

3

baseline.prof

windows10-2004-x64

3

baseline.profm

windows7-x64

3

baseline.profm

windows10-2004-x64

3

damageshelter.ogg

windows7-x64

1

damageshelter.ogg

windows10-2004-x64

7

invaderexplode.ogg

windows7-x64

1

invaderexplode.ogg

windows10-2004-x64

7

oh.ogg

windows7-x64

1

oh.ogg

windows10-2004-x64

7

playerexplode.ogg

windows7-x64

1

playerexplode.ogg

windows10-2004-x64

7

shoot.ogg

windows7-x64

1

shoot.ogg

windows10-2004-x64

7

uh.ogg

windows7-x64

1

uh.ogg

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2023, 07:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    playerexplode.ogg

  • Size

    163KB

  • MD5

    af660e185dbbfb72f7e30311bbd28013

  • SHA1

    a50e062feed661b45a79c51cccf43bcb9a6cb42a

  • SHA256

    f5b62c0027d8cd680f08533702f800ae13217d84f81cf426bffc1b99af3cefab

  • SHA512

    4d950b45847904898ded4309f9e20c4b9bc3de8e7d0f50c4f12626b6cbb50153d263478dac176eebc635607946aa934c3ea351a6246d329046354c436ac77fcb

  • SSDEEP

    3072:LQkpg15Mej4fskkkkkO3AFDxo2dBFCHJ4:0kC/7kkkkkOExo2dBFCp

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\playerexplode.ogg
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\playerexplode.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1232
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x30c 0x2e8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4048

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1232-5-0x00007FF683040000-0x00007FF683138000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1232-6-0x00007FF880E80000-0x00007FF880EB4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1232-7-0x00007FF871D80000-0x00007FF872034000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1232-8-0x00007FF885510000-0x00007FF885528000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1232-9-0x00007FF880F50000-0x00007FF880F67000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1232-10-0x00007FF880DB0000-0x00007FF880DC1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-11-0x00007FF880D90000-0x00007FF880DA7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1232-12-0x00007FF880D70000-0x00007FF880D81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-13-0x00007FF880D50000-0x00007FF880D6D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1232-14-0x00007FF880D30000-0x00007FF880D41000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-15-0x00007FF871B80000-0x00007FF871D80000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1232-16-0x00007FF8805B0000-0x00007FF8805EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1232-17-0x00007FF870AD0000-0x00007FF871B7B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/1232-18-0x00007FF880C60000-0x00007FF880C81000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1232-20-0x00007FF880AF0000-0x00007FF880B01000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-21-0x00007FF880970000-0x00007FF880981000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-19-0x00007FF880D10000-0x00007FF880D28000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1232-22-0x00007FF880590000-0x00007FF8805A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-23-0x00007FF880570000-0x00007FF88058B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1232-24-0x00007FF880550000-0x00007FF880561000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-25-0x00007FF880530000-0x00007FF880548000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1232-26-0x00007FF880500000-0x00007FF880530000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1232-27-0x00007FF880490000-0x00007FF8804F7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1232-28-0x00007FF880420000-0x00007FF88048F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/1232-30-0x00007FF880150000-0x00007FF8801AC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/1232-31-0x00007FF87C5C0000-0x00007FF87C616000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1232-29-0x00007FF880400000-0x00007FF880411000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-32-0x00007FF87D170000-0x00007FF87D198000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1232-33-0x00007FF87C590000-0x00007FF87C5B4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1232-34-0x00007FF87D150000-0x00007FF87D167000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1232-35-0x00007FF87BCC0000-0x00007FF87BCE3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1232-36-0x00007FF87BCA0000-0x00007FF87BCB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-37-0x00007FF87BC80000-0x00007FF87BC92000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1232-38-0x00007FF87BC50000-0x00007FF87BC71000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1232-39-0x00007FF879720000-0x00007FF879733000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1232-40-0x00007FF870950000-0x00007FF870AC8000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1232-41-0x00007FF879700000-0x00007FF879717000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1232-42-0x00007FF880F40000-0x00007FF880F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1232-43-0x00007FF8796D0000-0x00007FF8796FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1232-44-0x00007FF877A70000-0x00007FF877A81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-45-0x00007FF877A50000-0x00007FF877A66000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1232-46-0x00007FF8776E0000-0x00007FF8776F5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1232-47-0x00007FF877410000-0x00007FF877421000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-48-0x00007FF872550000-0x00007FF872562000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1232-49-0x00007FF86FA40000-0x00007FF86FBBA000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1232-51-0x00007FF86FA20000-0x00007FF86FA34000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1232-50-0x00007FF872530000-0x00007FF872543000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1232-52-0x00007FF86FA00000-0x00007FF86FA11000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-53-0x00007FF86F9E0000-0x00007FF86F9F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-54-0x00007FF86F9C0000-0x00007FF86F9D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1232-55-0x00007FF86F9A0000-0x00007FF86F9B6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1232-68-0x00007FF870AD0000-0x00007FF871B7B000-memory.dmp

    Filesize

    16.7MB

    Download