Overview

Tasks in this analysis (score badge, task name as truncated in the sidebar, platform):

10  Static
10  FN-TOOLZ-m...AN.bat   windows10-2004-x64
10  Tournament...ew.exe   windows10-2004-x64
 6  Tournament...al.dll   windows10-2004-x64
 1  Tournament...UI.dll   windows10-2004-x64
 1  Tournament...cl.exe   windows10-2004-x64
 1  Tournament...uz.exe   windows10-2004-x64
 9  Tournament...dc.exe   windows10-2004-x64
 1  Tournament...ft.exe   windows10-2004-x64
 1  Tournament...64.exe   windows10-2004-x64
 1  Tournament...32.exe   windows10-2004-x64
 1  Tournament...64.exe   windows10-2004-x64
 4  Tournament...fg.exe   windows10-2004-x64
 3  Tournament...sg.exe   windows10-2004-x64
 3  Tournament...sr.exe   windows10-2004-x64
10  Tournament...wg.exe   windows10-2004-x64
 1  Tournament...sm.dll   windows10-2004-x64
 1  Tournament...xy.dll   windows10-2004-x64
 7  Tournament...ry.dll   windows10-2004-x64
 1  Tournament...ll.dll   windows10-2004-x64
 1  Tournament...pi.dll   windows10-2004-x64
 1  Tournament...32.dll   windows10-2004-x64
 1  Tournament...da.dll   windows10-2004-x64
 1  Tournament...ve.dll   windows10-2004-x64
 1  Tournament...70.dll   windows10-2004-x64
 1  Tournament...rl.exe   windows10-2004-x64
 3  Tournament...64.exe   windows10-2004-x64
 3  Tournament...cs.exe   windows10-2004-x64
 8  Tournament...64.exe   windows10-2004-x64
10  Tournament...tm.exe   windows10-2004-x64
 3  Tournament...mc.exe   windows10-2004-x64
 1  FN-TOOLZ-m...er.exe   windows10-2004-x64
 9  FN-TOOLZ-m...er.bat   windows10-2004-x64
Analysis (score 1)

max time kernel: 219s
max time network: 276s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/06/2024, 20:50
Behavioral tasks (task, sample, resource):

behavioral1   FN-TOOLZ-main/FNCLEAN.bat                                win10v2004-20240508-en
behavioral2   Tournament_Fixer/AdditionalRuntimes/DevManView.exe       win10v2004-20240611-en
behavioral3   Tournament_Fixer/AdditionalRuntimes/MCCSPal.dll          win10v2004-20240508-en
behavioral4   Tournament_Fixer/AdditionalRuntimes/MaintenanceUI.dll    win10v2004-20240611-en
behavioral5   Tournament_Fixer/AdditionalRuntimes/ccl.exe              win10v2004-20240611-en
behavioral6   Tournament_Fixer/AdditionalRuntimes/cpuz.exe             win10v2004-20240508-en
behavioral7   Tournament_Fixer/AdditionalRuntimes/ddc.exe              win10v2004-20240508-en
behavioral8   Tournament_Fixer/AdditionalRuntimes/hssft.exe            win10v2004-20240611-en
behavioral9   Tournament_Fixer/AdditionalRuntimes/hwbd64.exe           win10v2004-20240508-en
behavioral10  Tournament_Fixer/AdditionalRuntimes/hwinfo32.exe         win10v2004-20240611-en
behavioral11  Tournament_Fixer/AdditionalRuntimes/hwinfo64.exe         win10v2004-20240611-en
behavioral12  Tournament_Fixer/AdditionalRuntimes/jfg.exe              win10v2004-20240508-en
behavioral13  Tournament_Fixer/AdditionalRuntimes/jsg.exe              win10v2004-20240611-en
behavioral14  Tournament_Fixer/AdditionalRuntimes/jsr.exe              win10v2004-20240611-en
behavioral15  Tournament_Fixer/AdditionalRuntimes/kwg.exe              win10v2004-20240611-en
behavioral16  Tournament_Fixer/AdditionalRuntimes/lsm.dll              win10v2004-20240508-en
behavioral17  Tournament_Fixer/AdditionalRuntimes/lsmproxy.dll         win10v2004-20240508-en
behavioral18  Tournament_Fixer/AdditionalRuntimes/lstelemetry.dll      win10v2004-20240611-en
behavioral19  Tournament_Fixer/AdditionalRuntimes/luainstall.dll       win10v2004-20240508-en
behavioral20  Tournament_Fixer/AdditionalRuntimes/luiapi.dll           win10v2004-20240226-en
behavioral21  Tournament_Fixer/AdditionalRuntimes/lz32.dll             win10v2004-20240611-en
behavioral22  Tournament_Fixer/AdditionalRuntimes/mcicda.dll           win10v2004-20240508-en
behavioral23  Tournament_Fixer/AdditionalRuntimes/mciwave.dll          win10v2004-20240611-en
behavioral24  Tournament_Fixer/AdditionalRuntimes/mfc70.dll            win10v2004-20240611-en
behavioral25  Tournament_Fixer/AdditionalRuntimes/nvrl.exe             win10v2004-20240611-en
behavioral26  Tournament_Fixer/AdditionalRuntimes/nvrl64.exe           win10v2004-20240508-en
behavioral27  Tournament_Fixer/AdditionalRuntimes/tcs.exe              win10v2004-20240611-en
behavioral28  Tournament_Fixer/AdditionalRuntimes/tcs64.exe            win10v2004-20240611-en
behavioral29  Tournament_Fixer/AdditionalRuntimes/tm.exe               win10v2004-20240508-en
behavioral30  Tournament_Fixer/AdditionalRuntimes/wmc.exe              win10v2004-20240508-en
behavioral31  FN-TOOLZ-main/applecleaner.exe                           win10v2004-20240611-en
behavioral32  FN-TOOLZ-main/serial_checker.bat                         win10v2004-20240508-en
General

Target: Tournament_Fixer/AdditionalRuntimes/hwinfo64.exe
Size: 106KB
MD5: ecd7dfabad7a43c6cfdc32a9eca0f009
SHA1: 04b3da76325a1db19c81af8325393cca9ab37b5b
SHA256: e7cb51ca61a7a39d15ab73d9a3784141b9d818eb0040aa8bf7295d3336952662
SHA512: ae106ab825b8b54c3101257b75b97e14fdccff000b7a2a89d08e4fb291be880e12e3362d1c3252ffb7a1241581c68295a653796630663bf9862cabd86206c814
SSDEEP: 1536:/7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIf/wJvHPOeBW+jCa2:z7DhdC6kzWypvaQ0FxyNTBf/oHWeNea2
Malware Config
Signatures
Drops file in Windows directory (64 IoCs)

Every row of this signature has the description "File opened for modification" and the process cmd.exe, the batch-script host with PID 5012 under Processes. "Opened for modification" records that the file was opened with write access; the report does not show what, if anything, was written to it. The 64 files, all under C:\Windows\INF:

C:\Windows\INF\netl1c63x64.inf
C:\Windows\INF\c_usbfn.inf
C:\Windows\INF\HidTelephonyDriver.inf
C:\Windows\INF\c_fscopyprotection.inf
C:\Windows\INF\c_processor.inf
C:\Windows\INF\ESENT\0410\esentprf.ini
C:\Windows\INF\mdmlucnt.inf
C:\Windows\INF\mdmpin.inf
C:\Windows\INF\netwbw02.inf
C:\Windows\INF\.NET CLR Networking 4.0.0.0\_NetworkingPerfCounters.h
C:\Windows\INF\cht4sx64.inf
C:\Windows\INF\UGTHRSVC\gthrctr.h
C:\Windows\INF\wpdmtphw.inf
C:\Windows\INF\sdstor.inf
C:\Windows\INF\SERVIC~2.0\0C0A\_ServiceModelOperationPerfCounters_D.ini
C:\Windows\INF\v_mscdsc.inf
C:\Windows\INF\mdmtron.inf
C:\Windows\INF\mtconfig.inf
C:\Windows\INF\ts_generic.inf
C:\Windows\INF\vhdmp.inf
C:\Windows\INF\.NET CLR Networking 4.0.0.0\0411\_Networkingperfcounters_d.ini
C:\Windows\INF\mdmmts.inf
C:\Windows\INF\netrtwlane.inf
C:\Windows\INF\TermService\040C\tslabels.ini
C:\Windows\INF\netbxnda.inf
C:\Windows\INF\SERVIC~3.0\040C\_ServiceModelServicePerfCounters_D.ini
C:\Windows\INF\arcsas.inf
C:\Windows\INF\c_barcodescanner.inf
C:\Windows\INF\rdyboost\0409\ReadyBoostPerfCounters.ini
C:\Windows\INF\wsynth3dvsc.inf
C:\Windows\INF\iaLPSS2i_I2C_GLK.inf
C:\Windows\INF\MSDTCB~1.0\0409\_TransactionBridgePerfCounters_D.ini
C:\Windows\INF\wdmvsc.inf
C:\Windows\INF\whyperkbd.inf
C:\Windows\INF\amdgpio2.inf
C:\Windows\INF\b57nd60a.inf
C:\Windows\INF\msdri.inf
C:\Windows\INF\mdmagm64.inf
C:\Windows\INF\UGatherer\0C0A\gsrvctr.ini
C:\Windows\INF\MSDTC\040C\msdtcprf.ini
C:\Windows\INF\netserv.inf
C:\Windows\INF\wsdscdrv.inf
C:\Windows\INF\mdmar1.inf
C:\Windows\INF\megasas.inf
C:\Windows\INF\wmiacpi.inf
C:\Windows\INF\c_infrared.inf
C:\Windows\INF\mdmomrn3.inf
C:\Windows\INF\.NET CLR Networking 4.0.0.0\0407\_Networkingperfcounters_d.ini
C:\Windows\INF\hidi2c.inf
C:\Windows\INF\ndisvirtualbus.inf
C:\Windows\INF\wvmic_kvpexchange.inf
C:\Windows\INF\rdlsbuscbs.inf
C:\Windows\INF\c_tapedrive.inf
C:\Windows\INF\ehstortcgdrv.inf
C:\Windows\INF\mdmcxhv6.inf
C:\Windows\INF\microsoft_bluetooth_hfp_ag.inf
C:\Windows\INF\mwlu97w8x64.inf
C:\Windows\INF\.NET Data Provider for Oracle\040C\_DataOracleClientPerfCounters_shared12_neutral_d.ini
C:\Windows\INF\c_fsundelete.inf
C:\Windows\INF\WINDOW~1.0\0C0A\PerfCounters_D.ini
C:\Windows\INF\c_battery.inf
C:\Windows\INF\mdmarn.inf
C:\Windows\INF\TermService\0411\tslabels.ini
C:\Windows\INF\c_hidclass.inf
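When the signature table is copied out of the report it arrives as one flattened line of "description ioc process" triples, with paths that may contain spaces, and it is easy to lose rows. The following is an added example, not part of the report or of Triage's tooling: it parses that flattened form, checks the number of rows recovered against the count advertised in the signature header, and groups the IoCs by process and directory. The set of recognised descriptions (DESCRIPTIONS) is an assumption; the sample input is a constructed excerpt of four of the 64 rows above.

```python
"""Parse a Triage signature table that was copied as one flattened line."""
import re
from collections import Counter

# Descriptions the parser recognises. Assumed set: Triage emits more kinds than
# this; add any others seen in the report you are parsing.
DESCRIPTIONS = ("File opened for modification", "File created", "File deleted")

_DESC_ALT = "|".join(re.escape(d) for d in DESCRIPTIONS)

# One row = <description> <ioc path, may contain spaces> <process image>. The
# lookahead stops the lazy path match at the token just before the next
# description (or the end of the text), so spaces inside paths are kept.
ROW_RE = re.compile(
    r"(?P<desc>" + _DESC_ALT + r")\s+"
    r"(?P<ioc>.+?)\s+(?P<proc>\S+\.(?:exe|dll|bat|cmd))"
    r"(?=\s+(?:" + _DESC_ALT + r")|\s*$)",
    re.IGNORECASE,
)

HEADER_RE = re.compile(r"^(?P<name>.+?)\s+(?P<n>\d+)\s+IoCs?\s*$")

# Constructed input: the signature header from the report and an excerpt of
# four of its 64 rows, in the flattened form the page shows.
HEADER = "Drops file in Windows directory 64 IoCs"
ROWS = (
    r"File opened for modification C:\Windows\INF\netl1c63x64.inf cmd.exe "
    r"File opened for modification C:\Windows\INF\.NET CLR Networking 4.0.0.0\_NetworkingPerfCounters.h cmd.exe "
    r"File opened for modification C:\Windows\INF\SERVIC~2.0\0C0A\_ServiceModelOperationPerfCounters_D.ini cmd.exe "
    r"File opened for modification C:\Windows\INF\TermService\040C\tslabels.ini cmd.exe"
)


def parse_header(header: str):
    """Return (signature name, advertised IoC count) from '<name> <n> IoCs'."""
    m = HEADER_RE.match(header.strip())
    if not m:
        raise ValueError(f"unrecognised signature header: {header!r}")
    return m.group("name"), int(m.group("n"))


def parse_rows(text: str):
    """Split flattened IoC text into (description, ioc, process) tuples."""
    normalised = " ".join(text.split())  # collapse line breaks and runs of spaces
    return [(m.group("desc"), m.group("ioc"), m.group("proc"))
            for m in ROW_RE.finditer(normalised)]


def top_dir(path: str, depth: int = 3) -> str:
    """First `depth` path components, e.g. C:\\Windows\\INF\\x.inf -> C:\\Windows\\INF."""
    return "\\".join(path.split("\\")[:depth])


def summarise(header: str, text: str) -> dict:
    """Parse one signature block and check every advertised IoC was captured."""
    name, expected = parse_header(header)
    rows = parse_rows(text)
    return {
        "signature": name,
        "expected": expected,
        "parsed": len(rows),
        "complete": len(rows) == expected,
        "by_description": dict(Counter(d for d, _, _ in rows)),
        "by_process": dict(Counter(p for _, _, p in rows)),
        "by_directory": dict(Counter(top_dir(i) for _, i, _ in rows)),
    }


if __name__ == "__main__":
    for key, value in summarise(HEADER, ROWS).items():
        print(f"{key}: {value}")
```

With the four-row excerpt, `complete` is False because the header promises 64 rows; run it over the full copied text and a False there means the copy or the regex dropped rows, which is exactly the failure you want to catch before the IoCs go into a blocklist.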
Suspicious use of WriteProcessMemory (2 IoCs)

description                          pid   Process       procid_target
PID 1396 wrote to memory of 5012     1396  hwinfo64.exe  83
PID 1396 wrote to memory of 5012     1396  hwinfo64.exe  83

Both writes go from hwinfo64.exe (PID 1396) into PID 5012, which is the cmd.exe child it spawned (see Processes). Sandboxes routinely record a parent writing into a child it has just created as part of ordinary process start-up, so on its own this is weak evidence; the signature would carry weight if the target were a process hwinfo64.exe did not create.
Processes

1. C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hwinfo64.exe (PID 1396)
   Command line: "C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hwinfo64.exe"
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\cmd.exe (PID 5012, child of 1396)
      Command line: "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3BC1.tmp\3BC2.tmp\3BD2.bat C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hwinfo64.exe"
      Signatures: Drops file in Windows directory

What the tree shows: the only behaviour this report records for hwinfo64.exe is launching cmd.exe on a batch file in a nested %TEMP%\*.tmp\*.tmp\ directory, passing its own path as the script's first argument; the batch script, not the executable, is what opens the files under C:\Windows\INF. The launcher reaches cmd.exe through C:\Windows\sysnative, an alias that is only visible to 32-bit (WOW64) processes on 64-bit Windows, so despite its name hwinfo64.exe runs as 32-bit code and the child it gets is the native 64-bit cmd.exe. The dropped script 3BD2.bat is the artefact to recover from the sandbox for further analysis; this report does not show its contents.
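Two questions come up when reading a tree like this: is the WriteProcessMemory target a process the writer created (routine) or an unrelated one (injection), and does a child command line match the dropped-batch-script launcher pattern seen here, including the Sysnative hint that the launcher is 32-bit? The following is an added example, not part of the report or of Triage; it encodes both checks over the PIDs and command lines shown above. The Proc and WpmEvent records, the BATCH_WRAPPER_RE pattern and the finding keys are this example's own assumptions, and the process list is constructed from the Processes and Signatures sections.

```python
"""Triage the process tree and WriteProcessMemory events of a sandbox report."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]   # None for the root of the recorded tree
    image: str
    cmdline: str


@dataclass
class WpmEvent:
    src_pid: int
    dst_pid: int


# Constructed from the Processes and Signatures sections of the report
# (PIDs and command lines as shown there).
PROCS = [
    Proc(1396, None,
         r"C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hwinfo64.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hwinfo64.exe"'),
    Proc(5012, 1396,
         r"C:\Windows\system32\cmd.exe",
         r'"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3BC1.tmp\3BC2.tmp\3BD2.bat '
         r'C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hwinfo64.exe"'),
]
WPM = [WpmEvent(1396, 5012), WpmEvent(1396, 5012)]

# cmd.exe /c running a .bat that sits in nested <...>\Temp\<x>.tmp\<y>.tmp\
# directories, optionally followed by arguments. The directory cmd was reached
# through is captured so we can see whether the Sysnative alias was used.
BATCH_WRAPPER_RE = re.compile(
    r'^"?(?P<cmd>[A-Za-z]:\\Windows\\(?P<dir>sysnative|system32|syswow64)\\cmd(?:\.exe)?)"?'
    r'\s+/c\s+"?(?P<bat>[A-Za-z]:\\[^"]*?\\Temp\\[^\\"]+\.tmp\\[^\\"]+\.tmp\\[^\\"]+\.bat)'
    r'\s*(?P<args>[^"]*)"?\s*$',
    re.IGNORECASE,
)


def classify_wpm(procs: List[Proc], events: List[WpmEvent]) -> List[Tuple[int, int, str]]:
    """Label each write 'own-child' (writer is the target's parent) or 'cross-process'."""
    by_pid = {p.pid: p for p in procs}
    out = []
    for e in events:
        dst = by_pid.get(e.dst_pid)
        kind = "own-child" if dst is not None and dst.ppid == e.src_pid else "cross-process"
        out.append((e.src_pid, e.dst_pid, kind))
    return out


def find_batch_wrappers(procs: List[Proc]) -> List[dict]:
    """Find cmd.exe children that run a dropped %TEMP% batch script and describe them."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        m = BATCH_WRAPPER_RE.match(p.cmdline)
        if not m:
            continue
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        arg = m.group("args").strip()
        findings.append({
            "pid": p.pid,
            "parent_pid": p.ppid,
            "script": m.group("bat"),
            # The launcher hands the script its own path as %1 so the script can find it.
            "arg_is_parent_path": parent is not None and arg.lower() == parent.image.lower(),
            # C:\Windows\Sysnative is only visible to 32-bit (WOW64) processes on
            # 64-bit Windows, so using it means the launcher ran as 32-bit code.
            "launcher_is_wow64": m.group("dir").lower() == "sysnative",
        })
    return findings


def triage(procs: List[Proc], events: List[WpmEvent]) -> dict:
    """Combine both checks into one summary for the report."""
    wpm = classify_wpm(procs, events)
    return {
        "cross_process_writes": [w for w in wpm if w[2] == "cross-process"],
        "own_child_writes": sum(1 for w in wpm if w[2] == "own-child"),
        "batch_wrappers": find_batch_wrappers(procs),
    }


if __name__ == "__main__":
    for key, value in triage(PROCS, WPM).items():
        print(f"{key}: {value}")
```

On this report the summary comes back with no cross-process writes, two own-child writes, and one batch-wrapper finding for PID 5012 whose argument is the parent's own image path and whose launcher used Sysnative; the same functions applied to a tree where the WriteProcessMemory target has a different parent would surface it under cross_process_writes, which is the case worth escalating.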
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 17KB
MD5: b167ed32d02958ecb5da9970588d75bd
SHA1: 9e228b33c211ee61643e8552274d02f5ed0364b8
SHA256: bfe45fae74d911a3b6be21e044f061526362206af32d608aad05d1dc0002098f
SHA512: 8bf1ea0765ccc924e95f57e69e2502efa75d86242338091ca939ac8830db6b991a9b4901d7c1a83c3fae6eaaef27a35f462abb32d2a5913203917834d5be00a3