Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    234s
  • max time network
    276s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/06/2024, 20:50

General

  • Target

    Tournament_Fixer/AdditionalRuntimes/jsg.exe

  • Size

    43KB

  • MD5

    6fbe881f1d6480e2e15d3ebe0f493d2d

  • SHA1

    f698079150df242e156223f1b3e46f449bc01415

  • SHA256

    49b84540d5b4b8d2344c25edb042e216592dd1dc78a5c00f2ad9457442c4581c

  • SHA512

    2084a64ab503e214854e02dcb1ed8bff7cab40dad64cb624326d42a087f343a74b7470956c681268725e0ec2f8ab13182c814356d6d6d066a2b0c6da290d16ef

  • SSDEEP

    768:jI2Er0ofK5/lQ0YSHiZka7NgpNGYzsUSy9PlQbb3tqDDiNeH4jx9rHcKHL4R:jIL4ofg/lTYSHSMPdiTyCzx9FHL

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Gathers network information 2 TTPs 3 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\jsg.exe
    "C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\jsg.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ipconfig /flushdns > nul 2> nul
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:452
      • C:\Windows\system32\ipconfig.exe
        ipconfig /flushdns
        3⤵
        • Gathers network information
        PID:1020
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ipconfig /release > nul 2> nul
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4900
      • C:\Windows\system32\ipconfig.exe
        ipconfig /release
        3⤵
        • Gathers network information
        PID:3288
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ipconfig /renew > nul 2> nul
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3824
      • C:\Windows\system32\ipconfig.exe
        ipconfig /renew
        3⤵
        • Gathers network information
        PID:4128
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c .\reset_adapters.exe
      2⤵
        PID:5068
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c pause
        2⤵
          PID:1048
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4112,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:8
        1⤵
          PID:1004

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads