Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
3Data/Data.pkg
macos-10.15-amd64
Data/MiniGames.pkg
macos-10.15-amd64
Data/Wallpapers.pkg
macos-10.15-amd64
Modmanager.exe
windows7-x64
1Modmanager.exe
windows10-2004-x64
3Updater.exe
windows7-x64
1Updater.exe
windows10-2004-x64
1fmodex64.dll
windows7-x64
1fmodex64.dll
windows10-2004-x64
1unrar.dll
windows7-x64
3unrar.dll
windows10-2004-x64
3Analysis
-
max time kernel
135s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
20/05/2023, 18:33 UTC
Static task
static1
Behavioral task
behavioral1
Sample
Data/Data.pkg
Resource
macos-20220504-en
Behavioral task
behavioral2
Sample
Data/MiniGames.pkg
Resource
macos-20220504-en
Behavioral task
behavioral3
Sample
Data/Wallpapers.pkg
Resource
macos-20220504-en
Behavioral task
behavioral4
Sample
Modmanager.exe
Resource
win7-20230220-en
Behavioral task
behavioral5
Sample
Modmanager.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral6
Sample
Updater.exe
Resource
win7-20230220-en
Behavioral task
behavioral7
Sample
Updater.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral8
Sample
fmodex64.dll
Resource
win7-20230220-en
Behavioral task
behavioral9
Sample
fmodex64.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral10
Sample
unrar.dll
Resource
win7-20230220-en
Behavioral task
behavioral11
Sample
unrar.dll
Resource
win10v2004-20230220-en
General
-
Target
Modmanager.exe
-
Size
2.4MB
-
MD5
4af457638a2ebefc07818fa75c21c686
-
SHA1
1c8f7c9d0485c974cf7e98f9d052313b1cc9ff87
-
SHA256
354fc3ab4e9464387409168345f203afe41ce8270473af3261612b08660ee121
-
SHA512
81e96211ff11e6691400a0f210732890091642c3ff69edad390b7aef68c4ea8277933035cf082690c1d2dcdeed6fe8f52d2df9dacdaf05f0f9f66ceb83bb9a5e
-
SSDEEP
49152:gP4yASgEvpG3lcmWkHwCjKteTRpDb5Tj/VJ:rEI3fN0eTP
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1416 1128 WerFault.exe 80 -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: 33 4864 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 4864 AUDIODG.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\Modmanager.exe"C:\Users\Admin\AppData\Local\Temp\Modmanager.exe"1⤵PID:1128
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1128 -s 12042⤵
- Program crash
PID:1416
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4ac 0x4fc1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4864
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 432 -p 1128 -ip 11281⤵PID:452
Network
-
Remote address:8.8.8.8:53Request133.211.185.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request131.17.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request196.249.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request241.150.49.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request63.13.109.52.in-addr.arpaIN PTRResponse
-
260 B 5
-
322 B 7
-
260 B 5
-
322 B 7
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
73 B 147 B 1 1
DNS Request
133.211.185.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
131.17.126.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
196.249.167.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
241.150.49.20.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
63.13.109.52.in-addr.arpa