Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

getfuckedfoxypaw.mp3

windows10-1703-x64

1

getfuckedfoxypaw.mp3

windows10-2004-x64

8

getfuckedfoxypaw.mp3

windows11-21h2-x64

1

Analysis

  • max time kernel
    38s
  • max time network
    45s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/02/2024, 19:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    getfuckedfoxypaw.mp3

  • Size

    2.0MB

  • MD5

    5b785a090119f96d87428a5aa0b2933e

  • SHA1

    09e1eabb350f055f47753444cc807a318a5e6eeb

  • SHA256

    921da20bb910cb6b1bcfb74c21e31d82fb201d5298270e1e811d7b288c1409d0

  • SHA512

    151c5bdc2b47442eb67aa6306def5352424f85d3f4b24912a440540bc4a74c18e09d168a8f8b728ca5f15bb06e0a380f4e1e68bc97204697a9e6c5766b7a2241

  • SSDEEP

    24576:8ffCAc0vZIrhSZFBwjV3J0fYiWhQ7cFw6usnoG752GrXpzdkVQ6Sq56YWKn4evmS:HyZPFITiWS8uwocUGrIVQQnSls

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Drops desktop.ini file(s) 8 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\getfuckedfoxypaw.mp3"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4792
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\getfuckedfoxypaw.mp3"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Windows\SysWOW64\unregmp2.exe
        C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4328
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
          4⤵
          • Modifies Installed Components in the registry
          • Drops desktop.ini file(s)
          • Drops file in Program Files directory
          • Modifies registry class
          PID:4356
      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\getfuckedfoxypaw.mp3"
        3⤵
        • Drops desktop.ini file(s)
        • Enumerates connected drives
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:4812
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3468
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:2028
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:2580
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3f4 0x4b4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    64KB

    MD5

    fc240c081ec382df4b74d591d7d37a45

    SHA1

    396e9d8accb2ff8b32e6c3957808cb87d23ad47c

    SHA256

    8cfeb277627a0fc9f2596c83dc37f9a3d8871293cd88dadd08f32098bf936038

    SHA512

    d8f83773c330b88b43f9ebc6220aa98368854e44a75b73a8575e7171f6c32e784d404e5a2e2e7787d3c71c0cfecdbb983631b639d9fee879b374d498d2ef0ab7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    65ac8be23b7ec50ed58b495f610c9711

    SHA1

    df8cdb994c779eb6d06dda8f36e0890fc51367fc

    SHA256

    48418aa27aebd9a7c39c92e9ba9c44cf198de719c15650f729e05aec82c805d4

    SHA512

    8f735bab0bc21ef353730396da6112c410a5bf0eeb5bf1c4d2eeed452f498602a5c39453e373c9343fbe4c24cad3a8fa392596d9b171964d5585b0b2a14e99e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    586b0029320f218cbb3fbdadaf13542f

    SHA1

    c1b545633bb38f2a7d872196542274dc878697be

    SHA256

    e8986843a29c1074395cf7eaa64d5dfe8b29bd9fcb58b95792df3349e324cc35

    SHA512

    5f5009d7bab344b41134bfcb8b5d22f6c7fdcc4ab4c8ed1cf4d6b9236680b767073c7775d62882a1e986c39de7188e0cc63947411729000a6451b94e7c8b8f30

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    9feee5c828b5496a9f4e8a2540fd9bc4

    SHA1

    1b7f360d7104acac864347d828df3e0e930dbda5

    SHA256

    1fa3812a5124903045fea46dd0b3a5e32e2ff8d557343e57ce1156ddb1a40bfb

    SHA512

    167fe4ae3dca08b1ec60388d47c3e765c07bee905b06b66958779c883fd0df4b0e87c22224047d61223a2b405123d81df1cbbd92631618020a3e6d2b8b52f8a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    2KB

    MD5

    b81041ad2fca641596161a1d5e47150c

    SHA1

    413847402f6fdd002d489be681a596d1280d3ce1

    SHA256

    e754d6f497a01329a31a170a3c5d8f04422135acaf6d00def769aa45b04e8c29

    SHA512

    4df395e32dd3f27ca054b3dc6ac80ad8f17e93f2087741e06e207b7cd48a96ab9dd561337bb6744398ab46999cc06ae8fc27b29f837e64086962929d109c74be

    Download Submit

  • memory/4812-43-0x0000000006530000-0x0000000006540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-45-0x0000000006530000-0x0000000006540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-46-0x0000000006530000-0x0000000006540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-47-0x0000000006530000-0x0000000006540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-49-0x0000000006530000-0x0000000006540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-50-0x0000000006530000-0x0000000006540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-52-0x0000000006530000-0x0000000006540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-51-0x0000000006530000-0x0000000006540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-53-0x0000000006530000-0x0000000006540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-62-0x0000000007220000-0x0000000007230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-63-0x0000000007220000-0x0000000007230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-64-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-65-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-66-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-67-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-68-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-69-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-70-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-71-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-73-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-74-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-76-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-75-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-77-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-78-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-80-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-81-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-79-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-82-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-83-0x00000000099A0000-0x00000000099B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-84-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-86-0x0000000006540000-0x0000000006550000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-85-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-87-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-89-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-91-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-90-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-88-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-92-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-93-0x0000000006540000-0x0000000006550000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-94-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-95-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-97-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-98-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-99-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-105-0x0000000007220000-0x0000000007230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-104-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-103-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-102-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-106-0x0000000007220000-0x0000000007230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-101-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-100-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-107-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-108-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-109-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-110-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-111-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-112-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-113-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-115-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-114-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-116-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-117-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-119-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-121-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-122-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-123-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-120-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-118-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-124-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-125-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-126-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-128-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-129-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-131-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-130-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-132-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-133-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-134-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-135-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-136-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-137-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-139-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-138-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-141-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-140-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-142-0x0000000007220000-0x0000000007230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-143-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-145-0x0000000007220000-0x0000000007230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-144-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-146-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-147-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-148-0x0000000009920000-0x0000000009930000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-150-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-149-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-151-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-152-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-153-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-155-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-156-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-154-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-162-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-161-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-163-0x00000000099A0000-0x00000000099B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-166-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-168-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-173-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-174-0x00000000099A0000-0x00000000099B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-176-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-177-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-180-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-182-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-187-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-188-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-190-0x0000000007220000-0x0000000007230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-192-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-197-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-196-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-205-0x0000000009910000-0x0000000009920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-206-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-207-0x00000000099A0000-0x00000000099B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-210-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-211-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-213-0x00000000099A0000-0x00000000099B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-214-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4812-219-0x0000000008580000-0x0000000008590000-memory.dmp

    Filesize

    64KB

    Download