Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

ANGRY.ogg

windows7-x64

1

ANGRY.ogg

windows10-2004-x64

7

ANGRY_TEXT_BOX.ogg

windows7-x64

1

ANGRY_TEXT_BOX.ogg

windows10-2004-x64

7

Animation.json

windows7-x64

3

Animation.json

windows10-2004-x64

3

BF_Dialogue.png

windows7-x64

3

BF_Dialogue.png

windows10-2004-x64

3

BF_Dialogue.xml

windows7-x64

1

BF_Dialogue.xml

windows10-2004-x64

1

BOYFRIEND.png

windows7-x64

3

BOYFRIEND.png

windows10-2004-x64

3

BOYFRIEND.xml

windows7-x64

1

BOYFRIEND.xml

windows10-2004-x64

1

BOYFRIEND_DEAD.png

windows7-x64

3

BOYFRIEND_DEAD.png

windows10-2004-x64

3

BOYFRIEND_DEAD.xml

windows7-x64

1

BOYFRIEND_DEAD.xml

windows10-2004-x64

1

DADDY_DEAREST.png

windows7-x64

3

DADDY_DEAREST.png

windows10-2004-x64

3

DADDY_DEAREST.xml

windows7-x64

1

DADDY_DEAREST.xml

windows10-2004-x64

1

DISTORTO.ogg

windows7-x64

1

DISTORTO.ogg

windows10-2004-x64

7

GF_1.ogg

windows7-x64

1

GF_1.ogg

windows10-2004-x64

7

GF_2.ogg

windows7-x64

1

GF_2.ogg

windows10-2004-x64

7

GF_3.ogg

windows7-x64

1

GF_3.ogg

windows10-2004-x64

7

GF_4.ogg

windows7-x64

1

GF_4.ogg

windows10-2004-x64

7

Analysis

  • max time kernel
    166s
  • max time network
    208s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    07/11/2023, 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ANGRY_TEXT_BOX.ogg

  • Size

    38KB

  • MD5

    a201afa607bfa0751caecc71406e844d

  • SHA1

    ba9f7ac6ffdd53641f133450438a135b7ec8a380

  • SHA256

    3c056a4dac4c1286dc083b7a7872e8658211f43089fd2216f3c23da7e97ef56c

  • SHA512

    6a7f40fdffd9ac1bec1559c932273dc6196085c861a042c5d3ed6149ca1a20a2ba6c1d397b03a516328effad0b3c07dae762e8be1228b8284afaa130aecbe2bc

  • SSDEEP

    768:laTWqgzbz2kG170Sp/9ZaVjwn70Vs1Lbu+Wzw9DSbZeZS:GWqQzFGFtvewnYwxvJqV

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ANGRY_TEXT_BOX.ogg
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1436
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\ANGRY_TEXT_BOX.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3924
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3cc 0x3c4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3924-0-0x00007FF7FD330000-0x00007FF7FD428000-memory.dmp

    Filesize

    992KB

    Download

  • memory/3924-1-0x00007FFE23A50000-0x00007FFE23A84000-memory.dmp

    Filesize

    208KB

    Download

  • memory/3924-2-0x00007FFE17310000-0x00007FFE175C4000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3924-3-0x00007FF7FD330000-0x00007FF7FD428000-memory.dmp

    Filesize

    992KB

    Download

  • memory/3924-5-0x00007FFE17310000-0x00007FFE175C4000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3924-6-0x00007FFE2C7D0000-0x00007FFE2C7E8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3924-7-0x00007FFE27B10000-0x00007FFE27B27000-memory.dmp

    Filesize

    92KB

    Download

  • memory/3924-8-0x00007FFE27780000-0x00007FFE27791000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-10-0x00007FFE27740000-0x00007FFE27751000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-9-0x00007FFE27760000-0x00007FFE27777000-memory.dmp

    Filesize

    92KB

    Download

  • memory/3924-11-0x00007FFE27720000-0x00007FFE2773D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3924-12-0x00007FFE188C0000-0x00007FFE18AC0000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3924-19-0x00007FFE232A0000-0x00007FFE232DF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/3924-18-0x00007FFE26EE0000-0x00007FFE26EF1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-21-0x00007FFE26950000-0x00007FFE26968000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3924-20-0x00007FFE23270000-0x00007FFE23291000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3924-26-0x00007FFE18880000-0x00007FFE1889B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3924-27-0x00007FFE18650000-0x00007FFE18661000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-28-0x00007FFE18630000-0x00007FFE18648000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3924-25-0x00007FFE188A0000-0x00007FFE188B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-24-0x00007FFE18D80000-0x00007FFE18D91000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-23-0x00007FFE1E190000-0x00007FFE1E1A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-22-0x00007FFE16260000-0x00007FFE1730B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/3924-29-0x00007FFE18600000-0x00007FFE18630000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3924-30-0x00007FFE17A80000-0x00007FFE17AE7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/3924-31-0x00007FFE17A10000-0x00007FFE17A7F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/3924-32-0x00007FFE17960000-0x00007FFE17971000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-33-0x00007FFE16200000-0x00007FFE1625C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/3924-34-0x00007FFE16030000-0x00007FFE161A8000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3924-35-0x00007FFE17940000-0x00007FFE17957000-memory.dmp

    Filesize

    92KB

    Download

  • memory/3924-36-0x00007FFE2EA80000-0x00007FFE2EA90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3924-37-0x00007FFE16000000-0x00007FFE1602F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3924-38-0x00007FFE15FE0000-0x00007FFE15FF1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-39-0x00007FFE15FC0000-0x00007FFE15FD6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3924-40-0x00007FFE15EF0000-0x00007FFE15FB5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/3924-42-0x00007FFE15960000-0x00007FFE15971000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-43-0x00007FFE15940000-0x00007FFE15952000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3924-41-0x00007FFE15ED0000-0x00007FFE15EE5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3924-44-0x00007FFE157C0000-0x00007FFE1593A000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3924-47-0x00007FFE17310000-0x00007FFE175C4000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3924-59-0x00007FFE16260000-0x00007FFE1730B000-memory.dmp

    Filesize

    16.7MB

    Download