Analysis

  • max time kernel
    219s
  • max time network
    276s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/06/2024, 20:50

General

  • Target

    Tournament_Fixer/AdditionalRuntimes/hwinfo64.exe

  • Size

    106KB

  • MD5

    ecd7dfabad7a43c6cfdc32a9eca0f009

  • SHA1

    04b3da76325a1db19c81af8325393cca9ab37b5b

  • SHA256

    e7cb51ca61a7a39d15ab73d9a3784141b9d818eb0040aa8bf7295d3336952662

  • SHA512

    ae106ab825b8b54c3101257b75b97e14fdccff000b7a2a89d08e4fb291be880e12e3362d1c3252ffb7a1241581c68295a653796630663bf9862cabd86206c814

  • SSDEEP

    1536:/7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIf/wJvHPOeBW+jCa2:z7DhdC6kzWypvaQ0FxyNTBf/oHWeNea2

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 64 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hwinfo64.exe (depth 1)
    "C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hwinfo64.exe"
    • Suspicious use of WriteProcessMemory
    PID:1396
    • C:\Windows\system32\cmd.exe (depth 2, child of PID 1396)
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3BC1.tmp\3BC2.tmp\3BD2.bat C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hwinfo64.exe"
      • Drops file in Windows directory
      PID:5012
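
The process tree above shows the sample dropping a batch file under nested *.tmp directories in %TEMP% and launching it through the sysnative cmd path, passing its own executable path as the script's argument. The following is an added detection check, not part of the Triage report, run over constructed process-creation events that mirror that tree (PIDs 1396 and 5012 and the command lines are taken from the report; the parent explorer.exe process and the benign comparison event are assumptions):

```python
"""Flag cmd.exe launches of a .bat dropped under %TEMP%\\*.tmp\\*.tmp\\ and
record the supporting indicators seen in this report. Added example; the
event records are constructed, not captured from the sandbox."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """One process-creation record (Sysmon event ID 1 style)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed events modelled on the report's process tree. PIDs 1396/5012 and
# their command lines come from the report; PID 4428 (explorer.exe) and the
# benign build.bat event are assumptions added for contrast.
SAMPLE_EVENTS = [
    ProcEvent(4428, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(1396, 4428,
              r"C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hwinfo64.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hwinfo64.exe"'),
    ProcEvent(5012, 1396, r"C:\Windows\system32\cmd.exe",
              r'"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3BC1.tmp\3BC2.tmp\3BD2.bat '
              r'C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hwinfo64.exe"'),
    # Benign: a user running a project script from explorer; must not fire.
    ProcEvent(6100, 4428, r"C:\Windows\system32\cmd.exe",
              r'cmd.exe /c "C:\Projects\tool\build.bat"'),
]

CMD_IMAGE_RE = re.compile(r"(?i)\\cmd\.exe$")
# Path of the script handed to "cmd /c"; stops at the first quote or space.
BAT_ARG_RE = re.compile(r'(?i)/c\s+"?([a-z]:\\[^"\s]+\.bat)\b')
# The layout from the report: Temp\<x>.tmp\<y>.tmp\script.bat
NESTED_TMP_RE = re.compile(r"(?i)\\Temp\\[^\\]+\.tmp\\[^\\]+\.tmp\\")
USER_TEMP_RE = re.compile(r"(?i)^[a-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\")
SYSNATIVE_RE = re.compile(r"(?i)\\sysnative\\cmd")


def find_batch_stub_launches(events):
    """Return one finding per cmd.exe child whose /c target is a .bat under a
    doubly nested *.tmp directory in Temp. The other indicators are recorded,
    not required, so an analyst can weigh the hit."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        if not CMD_IMAGE_RE.search(ev.image):
            continue
        m = BAT_ARG_RE.search(ev.cmdline)
        if not m:
            continue
        bat = m.group(1)
        if not NESTED_TMP_RE.search(bat):
            continue  # ordinary "cmd /c script.bat": not this pattern
        parent = by_pid.get(ev.ppid)
        indicators = ["bat_in_nested_tmp"]
        if SYSNATIVE_RE.search(ev.cmdline):
            indicators.append("sysnative_cmd")  # 32-bit parent reaching the 64-bit cmd
        if parent and USER_TEMP_RE.match(parent.image):
            indicators.append("parent_in_user_temp")
        if parent and parent.image.lower() in ev.cmdline.lower():
            indicators.append("parent_path_passed_to_script")
        findings.append({"pid": ev.pid, "ppid": ev.ppid, "bat": bat,
                         "indicators": indicators})
    return findings


if __name__ == "__main__":
    for finding in find_batch_stub_launches(SAMPLE_EVENTS):
        print(finding)
```

Only the nested-tmp layout is mandatory; the sysnative path, the parent living in the user's Temp directory and the parent's own path being passed to the script are recorded as supporting evidence, so a legitimate installer that happens to use one of them does not fire on its own.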

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3BC1.tmp\3BC2.tmp\3BD2.bat

    Filesize

    17KB

    MD5

    b167ed32d02958ecb5da9970588d75bd

    SHA1

    9e228b33c211ee61643e8552274d02f5ed0364b8

    SHA256

    bfe45fae74d911a3b6be21e044f061526362206af32d608aad05d1dc0002098f

    SHA512

    8bf1ea0765ccc924e95f57e69e2502efa75d86242338091ca939ac8830db6b991a9b4901d7c1a83c3fae6eaaef27a35f462abb32d2a5913203917834d5be00a3