Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

ItsOnFire.apk

android-9-x86

ItsOnFire.apk

android-10-x64

ItsOnFire.apk

android-11-x64

1

baseline.prof

windows7-x64

3

baseline.prof

windows10-2004-x64

3

baseline.profm

windows7-x64

3

baseline.profm

windows10-2004-x64

3

damageshelter.ogg

windows7-x64

1

damageshelter.ogg

windows10-2004-x64

7

invaderexplode.ogg

windows7-x64

1

invaderexplode.ogg

windows10-2004-x64

7

oh.ogg

windows7-x64

1

oh.ogg

windows10-2004-x64

7

playerexplode.ogg

windows7-x64

1

playerexplode.ogg

windows10-2004-x64

7

shoot.ogg

windows7-x64

1

shoot.ogg

windows10-2004-x64

7

uh.ogg

windows7-x64

1

uh.ogg

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2023, 07:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    damageshelter.ogg

  • Size

    16KB

  • MD5

    26df32d00fe1e5a754c43590eca08b8a

  • SHA1

    e2061ea74213ee1fa73e62f4cb00e5ca2d498b17

  • SHA256

    49eff40d58068528f8a4aeaef67027fa308f3d4b75a8e5e1c572d1fbfa5f710d

  • SHA512

    94e9859be87afd04b7eb4347530f00d54cd9e7f6e80d545fbc374374dbfb100a39997ecd4f4af09bfda5e4a4635f48dcac85abc833724728df3a4f04d0bfe899

  • SSDEEP

    192:XKv+FWxZknNi8XWWwbMIbkrk7lQ719rm663DIIIIIxyIIIII+ZF2HU39n8HUqUTa:XKqWQUCMb6k7iBZ634SIw9nrYvws

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\damageshelter.ogg
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\damageshelter.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4944
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4cc 0x414
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4524

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4944-6-0x00007FFD30E70000-0x00007FFD30EA4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/4944-5-0x00007FF6BE3A0000-0x00007FF6BE498000-memory.dmp

    Filesize

    992KB

    Download

  • memory/4944-7-0x00007FFD218A0000-0x00007FFD21B54000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4944-9-0x00007FFD30AC0000-0x00007FFD30AD7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4944-8-0x00007FFD30ED0000-0x00007FFD30EE8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4944-10-0x00007FFD30AA0000-0x00007FFD30AB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-11-0x00007FFD30E20000-0x00007FFD30E37000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4944-12-0x00007FFD30E00000-0x00007FFD30E11000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-13-0x00007FFD30D90000-0x00007FFD30DAD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/4944-14-0x00007FFD30D70000-0x00007FFD30D81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-15-0x00007FFD21330000-0x00007FFD21530000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4944-16-0x00007FFD20280000-0x00007FFD2132B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/4944-17-0x00007FFD30A60000-0x00007FFD30A9F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4944-18-0x00007FFD30AE0000-0x00007FFD30B01000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4944-19-0x00007FFD30940000-0x00007FFD30958000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4944-20-0x00007FFD30920000-0x00007FFD30931000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-21-0x00007FFD30780000-0x00007FFD30791000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-22-0x00007FFD2D3E0000-0x00007FFD2D3F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-23-0x00007FFD2D3C0000-0x00007FFD2D3DB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4944-24-0x00007FFD2D3A0000-0x00007FFD2D3B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-25-0x00007FFD2C890000-0x00007FFD2C8A8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4944-26-0x00007FFD2C860000-0x00007FFD2C890000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4944-27-0x00007FFD27960000-0x00007FFD279C7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4944-28-0x00007FFD20210000-0x00007FFD2027F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/4944-29-0x00007FFD2C840000-0x00007FFD2C851000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-30-0x00007FFD201B0000-0x00007FFD2020C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/4944-31-0x00007FFD20150000-0x00007FFD201A6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4944-32-0x00007FFD2C810000-0x00007FFD2C838000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4944-33-0x00007FFD224C0000-0x00007FFD224E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/4944-34-0x00007FFD2C510000-0x00007FFD2C527000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4944-35-0x00007FFD22380000-0x00007FFD223A3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4944-36-0x00007FFD275E0000-0x00007FFD275F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-38-0x00007FFD20100000-0x00007FFD20121000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4944-37-0x00007FFD20130000-0x00007FFD20142000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4944-39-0x00007FFD200E0000-0x00007FFD200F3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4944-40-0x00007FFD1FF60000-0x00007FFD200D8000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4944-41-0x00007FFD1FDA0000-0x00007FFD1FDB7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4944-42-0x00007FFD30910000-0x00007FFD30920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4944-43-0x00007FFD1FCE0000-0x00007FFD1FD0F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4944-44-0x00007FFD1FCC0000-0x00007FFD1FCD1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-46-0x00007FFD1FC80000-0x00007FFD1FC95000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4944-45-0x00007FFD1FCA0000-0x00007FFD1FCB6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4944-47-0x00007FFD30C70000-0x00007FFD30C81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-48-0x00007FFD30C50000-0x00007FFD30C62000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4944-49-0x00007FFD1F2F0000-0x00007FFD1F46A000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4944-51-0x00007FFD30C10000-0x00007FFD30C24000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4944-50-0x00007FFD30C30000-0x00007FFD30C43000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4944-52-0x00007FFD30BF0000-0x00007FFD30C01000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-54-0x00007FFD2DD40000-0x00007FFD2DD51000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-53-0x00007FFD30BD0000-0x00007FFD30BE1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4944-55-0x00007FFD2DD20000-0x00007FFD2DD36000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4944-67-0x00007FFD20280000-0x00007FFD2132B000-memory.dmp

    Filesize

    16.7MB

    Download