Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
80s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
08/05/2024, 07:41
Static task
static1
Behavioral task
behavioral1
Sample
MAGINA x FORCE.mp3
Resource
win7-20240419-en
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
MAGINA x FORCE.mp3
Resource
win10v2004-20240419-en
3 signatures
150 seconds
General
-
Target
MAGINA x FORCE.mp3
-
Size
4.2MB
-
MD5
fed815ed1d8704ed2a32d3d6389c26a7
-
SHA1
07e11cb0639fe6d0b2f55f88de6e5752ab65b506
-
SHA256
26efa8b5bd37a5a0486311c7a983a6cca22c0887369889045325fa8a3e7dc908
-
SHA512
2382894774bb5edafbdc3314d9d53b694acd03bc337dae6c74a9dd4d0aa78375cf27e7558b74c21bbd3e83f7a393864af7734cb6813841c5dc766390dce67ef9
-
SSDEEP
49152:NaozkU9TJiiIMjdcHxeZhxfndmwuI6tALGkH9NUCKtejuJeBSmRT5DLztv4lzfB3:pzX9ZvnswuI5pd/e/yH14tyHnKQhkCeT
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 1600 vlc.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1600 vlc.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: 33 1600 vlc.exe Token: SeIncBasePriorityPrivilege 1600 vlc.exe -
Suspicious use of FindShellTrayWindow 6 IoCs
pid Process 1600 vlc.exe 1600 vlc.exe 1600 vlc.exe 1600 vlc.exe 1600 vlc.exe 1600 vlc.exe -
Suspicious use of SendNotifyMessage 5 IoCs
pid Process 1600 vlc.exe 1600 vlc.exe 1600 vlc.exe 1600 vlc.exe 1600 vlc.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1600 vlc.exe
Processes
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\MAGINA x FORCE.mp3"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1600