Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

CUFFED (UL...D).mp3

windows10-1703-x64

1

Analysis

  • max time kernel
    195s
  • max time network
    197s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23/07/2024, 13:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CUFFED (ULTRA SLOWED).mp3

  • Size

    2.5MB

  • MD5

    6e7c596e8727edc6595f17cc490b00b9

  • SHA1

    1c3ed994811d1ee79f692ef6a69a9339c3c67d65

  • SHA256

    8889cc10324fafe126c861cea6f355720a76fa76ecc8ac2c738b79bbdddd87d2

  • SHA512

    8287b7b8fa67800212504d6ab0bf0d6bf576ec5e94c04fac2235bb700d3bbea977d2ed1d2e30220339cdc4b3430ce44e989ab23994d50f9eab50731f6a1539ca

  • SSDEEP

    49152:3hyeIribxd8MVYBuwStIyGB1Ium4mhkzcw1FTVWNqEW232r2LWa7RxI:xjvQAYBO+3BZFVHujW0EUhDI

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 10 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\CUFFED (ULTRA SLOWED).mp3"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1716
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x330
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4488
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
      PID:3460
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      1⤵
        PID:2932

      Network

      • flag-us
        DNS
        30.243.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        30.243.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        252.15.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        252.15.104.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.214.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.214.232.199.in-addr.arpa
        IN PTR
        Response
      No results found
      • 8.8.8.8:53
        30.243.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        30.243.111.52.in-addr.arpa

      • 8.8.8.8:53
        252.15.104.51.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        252.15.104.51.in-addr.arpa

      • 8.8.8.8:53
        172.214.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.214.232.199.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1716-8-0x00007FFE33FC0000-0x00007FFE33FF4000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1716-7-0x00007FF74C180000-0x00007FF74C278000-memory.dmp

        Filesize

        992KB

        Download

      • memory/1716-16-0x00007FFE2D420000-0x00007FFE2D431000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1716-15-0x00007FFE2D740000-0x00007FFE2D75D000-memory.dmp

        Filesize

        116KB

        Download

      • memory/1716-9-0x00007FFE2C900000-0x00007FFE2CBB6000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1716-14-0x00007FFE2D780000-0x00007FFE2D791000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1716-17-0x00007FFE1DE00000-0x00007FFE1E00B000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1716-13-0x00007FFE30540000-0x00007FFE30557000-memory.dmp

        Filesize

        92KB

        Download

      • memory/1716-12-0x00007FFE30560000-0x00007FFE30571000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1716-11-0x00007FFE30580000-0x00007FFE30597000-memory.dmp

        Filesize

        92KB

        Download

      • memory/1716-10-0x00007FFE31750000-0x00007FFE31768000-memory.dmp

        Filesize

        96KB

        Download

      • memory/1716-25-0x00007FFE2D140000-0x00007FFE2D15B000-memory.dmp

        Filesize

        108KB

        Download

      • memory/1716-24-0x00007FFE2D160000-0x00007FFE2D171000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1716-23-0x00007FFE2D180000-0x00007FFE2D191000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1716-22-0x00007FFE2D1A0000-0x00007FFE2D1B1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1716-21-0x00007FFE2D1C0000-0x00007FFE2D1D8000-memory.dmp

        Filesize

        96KB

        Download

      • memory/1716-20-0x00007FFE2D3A0000-0x00007FFE2D3C1000-memory.dmp

        Filesize

        132KB

        Download

      • memory/1716-19-0x00007FFE2D3D0000-0x00007FFE2D411000-memory.dmp

        Filesize

        260KB

        Download

      • memory/1716-18-0x00007FFE1CD50000-0x00007FFE1DE00000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/1716-37-0x00007FFE1CD50000-0x00007FFE1DE00000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/1716-49-0x00007FFE2C900000-0x00007FFE2CBB6000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1716-58-0x00007FFE1CD50000-0x00007FFE1DE00000-memory.dmp

        Filesize

        16.7MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.