Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    93s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/06/2024, 20:50

General

  • Target

    Tournament_Fixer/AdditionalRuntimes/jfg.exe

  • Size

    43KB

  • MD5

    6fbe881f1d6480e2e15d3ebe0f493d2d

  • SHA1

    f698079150df242e156223f1b3e46f449bc01415

  • SHA256

    49b84540d5b4b8d2344c25edb042e216592dd1dc78a5c00f2ad9457442c4581c

  • SHA512

    2084a64ab503e214854e02dcb1ed8bff7cab40dad64cb624326d42a087f343a74b7470956c681268725e0ec2f8ab13182c814356d6d6d066a2b0c6da290d16ef

  • SSDEEP

    768:jI2Er0ofK5/lQ0YSHiZka7NgpNGYzsUSy9PlQbb3tqDDiNeH4jx9rHcKHL4R:jIL4ofg/lTYSHSMPdiTyCzx9FHL

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Gathers network information 2 TTPs 3 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\jfg.exe
    "C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\jfg.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ipconfig /flushdns > nul 2> nul
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:448
      • C:\Windows\system32\ipconfig.exe
        ipconfig /flushdns
        3⤵
        • Gathers network information
        PID:5112
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ipconfig /release > nul 2> nul
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1152
      • C:\Windows\system32\ipconfig.exe
        ipconfig /release
        3⤵
        • Gathers network information
        PID:864
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ipconfig /renew > nul 2> nul
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2124
      • C:\Windows\system32\ipconfig.exe
        ipconfig /renew
        3⤵
        • Gathers network information
        PID:4868
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c .\reset_adapters.exe
      2⤵
        PID:4440
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c pause
        2⤵
          PID:3600

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads