Analysis

  • max time kernel
    135s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/05/2023, 18:33 UTC

General

  • Target

    Modmanager.exe

  • Size

    2.4MB

  • MD5

    4af457638a2ebefc07818fa75c21c686

  • SHA1

    1c8f7c9d0485c974cf7e98f9d052313b1cc9ff87

  • SHA256

    354fc3ab4e9464387409168345f203afe41ce8270473af3261612b08660ee121

  • SHA512

    81e96211ff11e6691400a0f210732890091642c3ff69edad390b7aef68c4ea8277933035cf082690c1d2dcdeed6fe8f52d2df9dacdaf05f0f9f66ceb83bb9a5e

  • SSDEEP

    49152:gP4yASgEvpG3lcmWkHwCjKteTRpDb5Tj/VJ:rEI3fN0eTP

Score
3/10

Malware Config

Signatures

  • Program crash (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Modmanager.exe
    "C:\Users\Admin\AppData\Local\Temp\Modmanager.exe"
    PID: 1128
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 1128 -s 1204
        Program crash
        PID: 1416
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4ac 0x4fc
    Suspicious use of AdjustPrivilegeToken
    PID: 4864
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 432 -p 1128 -ip 1128
    PID: 452

Network

  • US  DNS  133.211.185.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 133.211.185.52.in-addr.arpa IN PTR
    Response:
  • US  DNS  131.17.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 131.17.126.40.in-addr.arpa IN PTR
    Response:
  • US  DNS  95.221.229.192.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 95.221.229.192.in-addr.arpa IN PTR
    Response:
  • US  DNS  196.249.167.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 196.249.167.52.in-addr.arpa IN PTR
    Response:
  • US  DNS  241.150.49.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 241.150.49.20.in-addr.arpa IN PTR
    Response:
  • US  DNS  63.13.109.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 63.13.109.52.in-addr.arpa IN PTR
    Response:

  • 52.242.101.226:443  260 B  5
  • 51.11.192.49:443  322 B  7
  • 52.242.101.226:443  260 B  5
  • 209.197.3.8:80  322 B  7
  • 52.242.101.226:443  260 B  5
  • 52.242.101.226:443  260 B  5
  • 52.242.101.226:443  260 B  5
  • 52.242.101.226:443  260 B  5
  • 8.8.8.8:53  133.211.185.52.in-addr.arpa  dns  73 B  147 B  1  1
    DNS Request: 133.211.185.52.in-addr.arpa
  • 8.8.8.8:53  131.17.126.40.in-addr.arpa  dns  72 B  158 B  1  1
    DNS Request: 131.17.126.40.in-addr.arpa
  • 8.8.8.8:53  95.221.229.192.in-addr.arpa  dns  73 B  144 B  1  1
    DNS Request: 95.221.229.192.in-addr.arpa
  • 8.8.8.8:53  196.249.167.52.in-addr.arpa  dns  73 B  147 B  1  1
    DNS Request: 196.249.167.52.in-addr.arpa
  • 8.8.8.8:53  241.150.49.20.in-addr.arpa  dns  72 B  158 B  1  1
    DNS Request: 241.150.49.20.in-addr.arpa
  • 8.8.8.8:53  63.13.109.52.in-addr.arpa  dns  71 B  145 B  1  1
    DNS Request: 63.13.109.52.in-addr.arpa

MITRE ATT&CK Matrix