Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
6Static
static
4Terabox_1.32.0.1.exe
windows10-ltsc 2021-x64
6$PLUGINSDI...fg.ini
windows10-ltsc 2021-x64
1$PLUGINSDI...fo.xml
windows10-ltsc 2021-x64
3AppProperty.xml
windows10-ltsc 2021-x64
3AutoUpdate...fo.xml
windows10-ltsc 2021-x64
3AutoUpdate/config.ini
windows10-ltsc 2021-x64
1CEF license.txt
windows10-ltsc 2021-x64
1ChromeManifest.json
windows10-ltsc 2021-x64
3DuiEngine license.txt
windows10-ltsc 2021-x64
1TeraBoxTor...le.ico
windows10-ltsc 2021-x64
3VersionInfo
windows10-ltsc 2021-x64
1VersionInfo2
windows10-ltsc 2021-x64
1autobackup.ico
windows10-ltsc 2021-x64
3browserres/cef.pak
windows10-ltsc 2021-x64
3browserres...nt.pak
windows10-ltsc 2021-x64
3browserres...nt.pak
windows10-ltsc 2021-x64
3browserres...ns.pak
windows10-ltsc 2021-x64
3browserres...es.pak
windows10-ltsc 2021-x64
3browserres...US.pak
windows10-ltsc 2021-x64
3browserres...CN.pak
windows10-ltsc 2021-x64
3cacert.pem
windows10-ltsc 2021-x64
3icudtl.dat
windows10-ltsc 2021-x64
3module/Ter...ist.db
windows10-ltsc 2021-x64
3resource.db
windows10-ltsc 2021-x64
3skin/skin.zip
windows10-ltsc 2021-x64
1snapshot_blob.bin
windows10-ltsc 2021-x64
3sounds/1.wav
windows10-ltsc 2021-x64
1sounds/2.wav
windows10-ltsc 2021-x64
1sounds/3.wav
windows10-ltsc 2021-x64
1sounds/4.wav
windows10-ltsc 2021-x64
1terabox_ex...me.zip
windows10-ltsc 2021-x64
1terabox_logo.ico
windows10-ltsc 2021-x64
3Resubmissions
27/11/2024, 20:39
241127-zfpdtszjes 627/11/2024, 20:33
241127-zbwbksvqhl 625/11/2024, 22:14
241125-15w1mswlcp 625/11/2024, 20:57
241125-zryrmswke1 628/09/2024, 18:21
240928-wzje5ssdlc 10Analysis
-
max time kernel
111s -
max time network
109s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system -
submitted
25/11/2024, 22:14
Behavioral task
behavioral1
Sample
Terabox_1.32.0.1.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/SetupCfg.ini
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/VersionInfo.xml
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral4
Sample
AppProperty.xml
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral5
Sample
AutoUpdate/VersionInfo.xml
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral6
Sample
AutoUpdate/config.ini
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral7
Sample
CEF license.txt
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral8
Sample
ChromeManifest.json
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral9
Sample
DuiEngine license.txt
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral10
Sample
TeraBoxTorrentFile.ico
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral11
Sample
VersionInfo
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral12
Sample
VersionInfo2
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral13
Sample
autobackup.ico
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral14
Sample
browserres/cef.pak
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral15
Sample
browserres/cef_100_percent.pak
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral16
Sample
browserres/cef_200_percent.pak
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral17
Sample
browserres/cef_extensions.pak
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral18
Sample
browserres/devtools_resources.pak
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral19
Sample
browserres/locales/en-US.pak
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral20
Sample
browserres/locales/zh-CN.pak
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral21
Sample
cacert.pem
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral22
Sample
icudtl.dat
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral23
Sample
module/TeraBoxModuleList.db
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral24
Sample
resource.db
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral25
Sample
skin/skin.zip
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral26
Sample
snapshot_blob.bin
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral27
Sample
sounds/1.wav
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral28
Sample
sounds/2.wav
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral29
Sample
sounds/3.wav
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral30
Sample
sounds/4.wav
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral31
Sample
terabox_ext_chrome.zip
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral32
Sample
terabox_logo.ico
Resource
win10ltsc2021-20241023-en
General
-
Target
sounds/4.wav
-
Size
123KB
-
MD5
0616ba6aa33fcc59c46f7edaea9b3e9e
-
SHA1
de8c5b7aa0fad5b935f11d92ba06adfca744cdbd
-
SHA256
564eeafa8c6eebcd622883c2acf0addb3c8537a52cc47e80e0ebf52e23f66900
-
SHA512
be6fd3fe877f1128af6d48bafd628889c7f0cc424282a597a5d5dc36dc290d05bfa57d1863673659548ffdfd8f586ecbc59c4b022629ce9b1e50643ccce7d2e4
-
SSDEEP
1536:ZJFxkxpx2cAfdvjpxBOeWssCLKBuovpY84HyMSuZ5aHxOreLl95vof376bOrDGtm:HjOpZMhWCLKB/Ne5nrW5voz9PG4k
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 1952 vlc.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1952 vlc.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process Token: 33 4376 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 4376 AUDIODG.EXE Token: 33 1952 vlc.exe Token: SeIncBasePriorityPrivilege 1952 vlc.exe -
Suspicious use of FindShellTrayWindow 8 IoCs
pid Process 1952 vlc.exe 1952 vlc.exe 1952 vlc.exe 1952 vlc.exe 1952 vlc.exe 1952 vlc.exe 1952 vlc.exe 1952 vlc.exe -
Suspicious use of SendNotifyMessage 7 IoCs
pid Process 1952 vlc.exe 1952 vlc.exe 1952 vlc.exe 1952 vlc.exe 1952 vlc.exe 1952 vlc.exe 1952 vlc.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1952 vlc.exe
Processes
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\4.wav"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1952
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4e4 0x2ec1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4376