Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Xeno[1].exe

windows11-21h2-x64

10

Restructur...Ad.cda

windows11-21h2-x64

1

Restructur...es.cda

windows11-21h2-x64

1

Restructur...go.cda

windows11-21h2-x64

1

Restructur...ck.cda

windows11-21h2-x64

1

Restructur...nk.cda

windows11-21h2-x64

1

Restructur...ic.cda

windows11-21h2-x64

1

Restructur...ng.cda

windows11-21h2-x64

1

Restructur...lk.cda

windows11-21h2-x64

1

Restructur...ty.cab

windows11-21h2-x64

1

Avenue

windows11-21h2-x64

1

Chi

windows11-21h2-x64

1

Congratulations

windows11-21h2-x64

1

Cw

windows11-21h2-x64

1

Devices

windows11-21h2-x64

1

Drivers

windows11-21h2-x64

1

Emails

windows11-21h2-x64

1

Independently

windows11-21h2-x64

1

Levy

windows11-21h2-x64

1

Moments

windows11-21h2-x64

1

Purchased

windows11-21h2-x64

1

They

windows11-21h2-x64

1

Restructur...st.cda

windows11-21h2-x64

1

Restructur...um.cda

windows11-21h2-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    95s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13/03/2025, 15:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RestructuringStorage/Tourist.cda

  • Size

    94KB

  • MD5

    8d4baa550a8e4b3943d7990961be56df

  • SHA1

    a19e5ea61e8c63fc5673787bb00cd2bf17490f84

  • SHA256

    e4a4d8a6051597941bab63ac4a2d83501978436d9826496760d9841d46e031b0

  • SHA512

    6a354adff672dad0c64135d896068ee2406d3721b72e5b935ce9f4ca7b8e089ed5737cad24d76c5a1804fd41a561e5cb5276c13faab48f602e32eb2fad03f56b

  • SSDEEP

    1536:CxdZvXtBarQsLUlMFa0hYFEmXllqQvQBuNBZtPC4p6PiqqHzqrl32lZM3vtO7Tl:wdZtkrQsLUl8aS7GlqQvbZtq4MKTzolA

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\RestructuringStorage\Tourist.cda"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4560-0-0x00007FF6234A0000-0x00007FF623598000-memory.dmp

    Filesize

    992KB

    Download

  • memory/4560-1-0x00007FFBE1CB0000-0x00007FFBE1CE4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/4560-7-0x00007FFBE5980000-0x00007FFBE5991000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4560-9-0x00007FFBE1D60000-0x00007FFBE1D71000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4560-8-0x00007FFBE4A00000-0x00007FFBE4A1D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/4560-10-0x00007FFBD0210000-0x00007FFBD041B000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4560-6-0x00007FFBE7110000-0x00007FFBE7127000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4560-5-0x00007FFBE7220000-0x00007FFBE7231000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4560-4-0x00007FFBEB110000-0x00007FFBEB127000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4560-3-0x00007FFBEB160000-0x00007FFBEB178000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4560-2-0x00007FFBE17D0000-0x00007FFBE1A86000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4560-24-0x00007FFBE1020000-0x00007FFBE1031000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4560-23-0x00007FFBE1040000-0x00007FFBE10BC000-memory.dmp

    Filesize

    496KB

    Download

  • memory/4560-26-0x00007FFBCED80000-0x00007FFBCED92000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4560-11-0x00007FFBCF160000-0x00007FFBD0210000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/4560-25-0x00007FFBE0B20000-0x00007FFBE0B77000-memory.dmp

    Filesize

    348KB

    Download

  • memory/4560-22-0x00007FFBE10C0000-0x00007FFBE1127000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4560-17-0x00007FFBE16C0000-0x00007FFBE16D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4560-16-0x00007FFBE16E0000-0x00007FFBE16F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4560-15-0x00007FFBE1700000-0x00007FFBE1711000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4560-14-0x00007FFBE1720000-0x00007FFBE1738000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4560-27-0x0000022B02450000-0x0000022B03CBF000-memory.dmp

    Filesize

    24.4MB

    Download

  • memory/4560-13-0x00007FFBE1B30000-0x00007FFBE1B51000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4560-12-0x00007FFBE1740000-0x00007FFBE1781000-memory.dmp

    Filesize

    260KB

    Download

  • memory/4560-21-0x00007FFBE1130000-0x00007FFBE1160000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4560-20-0x00007FFBE1160000-0x00007FFBE1178000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4560-19-0x00007FFBE1680000-0x00007FFBE1691000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4560-18-0x00007FFBE16A0000-0x00007FFBE16BB000-memory.dmp

    Filesize

    108KB

    Download