Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

ItsOnFire.apk

android-9-x86

ItsOnFire.apk

android-10-x64

ItsOnFire.apk

android-11-x64

1

baseline.prof

windows7-x64

3

baseline.prof

windows10-2004-x64

3

baseline.profm

windows7-x64

3

baseline.profm

windows10-2004-x64

3

damageshelter.ogg

windows7-x64

1

damageshelter.ogg

windows10-2004-x64

7

invaderexplode.ogg

windows7-x64

1

invaderexplode.ogg

windows10-2004-x64

7

oh.ogg

windows7-x64

1

oh.ogg

windows10-2004-x64

7

playerexplode.ogg

windows7-x64

1

playerexplode.ogg

windows10-2004-x64

7

shoot.ogg

windows7-x64

1

shoot.ogg

windows10-2004-x64

7

uh.ogg

windows7-x64

1

uh.ogg

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    58s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2023, 07:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    shoot.ogg

  • Size

    43KB

  • MD5

    ef629770d6b4871e9bb640d164cb201d

  • SHA1

    8c8bef0e4195df67bff3692bdd50154d25a8b3fc

  • SHA256

    649f7c795519e022479451575ca0fa064e5479d0b484c8deb2a82cfb9034eae3

  • SHA512

    0923bc22009234839ea8410ccd3922aef7733df1f5c1403255c854c8dc21234d0fd4c2bee2327f7a302cbbf1e3c0c043e41d92a4dc3532d10fb2f3303e1aa4e5

  • SSDEEP

    768:66zL8fIoH4zjb4nHbAM5Tn/eJHIkUx1IAdvErAMKr9ZgAk+Khy2:66z8I34n7X5T/FrGhow7l

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\shoot.ogg
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1576
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\shoot.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4924
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3dc 0x2d4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3352

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4924-5-0x00007FF6E6B00000-0x00007FF6E6BF8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/4924-6-0x00007FFF83840000-0x00007FFF83874000-memory.dmp

    Filesize

    208KB

    Download

  • memory/4924-7-0x00007FFF74120000-0x00007FFF743D4000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4924-8-0x00007FFF87C40000-0x00007FFF87C58000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4924-9-0x00007FFF87B80000-0x00007FFF87B97000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4924-10-0x00007FFF83920000-0x00007FFF83931000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-12-0x00007FFF835F0000-0x00007FFF83601000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-13-0x00007FFF835D0000-0x00007FFF835ED000-memory.dmp

    Filesize

    116KB

    Download

  • memory/4924-11-0x00007FFF83730000-0x00007FFF83747000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4924-14-0x00007FFF835B0000-0x00007FFF835C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-15-0x00007FFF73070000-0x00007FFF7411B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/4924-16-0x00007FFF72E70000-0x00007FFF73070000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4924-17-0x00007FFF834A0000-0x00007FFF834DF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4924-18-0x00007FFF83470000-0x00007FFF83491000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4924-20-0x00007FFF83450000-0x00007FFF83461000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-22-0x00007FFF831C0000-0x00007FFF831D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-21-0x00007FFF83430000-0x00007FFF83441000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-23-0x00007FFF831A0000-0x00007FFF831BB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4924-24-0x00007FFF83180000-0x00007FFF83191000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-19-0x00007FFF83590000-0x00007FFF835A8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4924-27-0x00007FFF7A9D0000-0x00007FFF7AA37000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4924-28-0x00007FFF7A2D0000-0x00007FFF7A33F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/4924-26-0x00007FFF829A0000-0x00007FFF829D0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4924-29-0x00007FFF83140000-0x00007FFF83151000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-30-0x00007FFF72E10000-0x00007FFF72E6C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/4924-25-0x00007FFF83160000-0x00007FFF83178000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4924-31-0x00007FFF72DB0000-0x00007FFF72E06000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4924-32-0x00007FFF72D80000-0x00007FFF72DA8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4924-33-0x00007FFF72D50000-0x00007FFF72D74000-memory.dmp

    Filesize

    144KB

    Download

  • memory/4924-35-0x00007FFF83270000-0x00007FFF83293000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4924-34-0x00007FFF82AC0000-0x00007FFF82AD7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4924-36-0x00007FFF83250000-0x00007FFF83261000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-37-0x00007FFF83230000-0x00007FFF83242000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4924-38-0x00007FFF83200000-0x00007FFF83221000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4924-39-0x00007FFF831E0000-0x00007FFF831F3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4924-40-0x00007FFF72BD0000-0x00007FFF72D48000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4924-41-0x00007FFF81D80000-0x00007FFF81D97000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4924-43-0x00007FFF7F6A0000-0x00007FFF7F6CF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4924-45-0x00007FFF72910000-0x00007FFF72926000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4924-44-0x00007FFF79F40000-0x00007FFF79F51000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-46-0x00007FFF728F0000-0x00007FFF72905000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4924-42-0x00007FFF82970000-0x00007FFF82980000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4924-47-0x00007FFF72380000-0x00007FFF72391000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-48-0x00007FFF72360000-0x00007FFF72372000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4924-49-0x00007FFF721E0000-0x00007FFF7235A000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4924-51-0x00007FFF721A0000-0x00007FFF721B4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4924-50-0x00007FFF721C0000-0x00007FFF721D3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4924-52-0x00007FFF72180000-0x00007FFF72191000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-53-0x00007FFF72160000-0x00007FFF72171000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-54-0x00007FFF72140000-0x00007FFF72151000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4924-55-0x00007FFF72120000-0x00007FFF72136000-memory.dmp

    Filesize

    88KB

    Download