Analysis

  • max time kernel
    223s
  • max time network
    275s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/06/2024, 20:50

General

  • Target

    Tournament_Fixer/AdditionalRuntimes/kwg.exe

  • Size

    111KB

  • MD5

    ab4ee884bbed29b2926986a7c2e41539

  • SHA1

    c380fdb7531dd6f38afd9639407897227dcf1931

  • SHA256

    93cb691d815882ea6f457dcf61a53037a06a7f808732c7b43bede692883c866e

  • SHA512

    9cbefd60bf5811d1973ba3ab7d77f268d5adff9753908946f1d2c162907ae353e725ae31ebdb2f1c72629a5d2f25e8d3e8987c063a628b74f423d6c1360748ba

  • SSDEEP

    1536:r7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfMwAHnwEp+qiGLbu:n7DhdC6kzWypvaQ0FxyNTBfM0O6

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\kwg.exe
    "C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\kwg.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4024
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3662.tmp\3663.tmp\3664.bat C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\kwg.exe"
      2⤵
        PID:3716
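
The process tree is the only substantive finding on this report: the score is 1/10 and the single signature is a low-weight heuristic, so anything useful has to come from the parent/child relationship. kwg.exe runs a .bat dropped under nested %TEMP%\<x>.tmp\<y>.tmp\ directories (the same file appears under Downloads below) through cmd.exe, passing its own path as the script's first argument, and it reaches cmd via C:\Windows\sysnative\, the alias that only a 32-bit process under WoW64 sees for the 64-bit System32 (the resource tags list arch:x86). That sequence is consistent with the launch pattern of batch-to-EXE wrappers, which extract an embedded script and hand their own path to it. The following is an added example, not tria.ge's code or anything from the sample: a small detection pass over constructed process-creation events. The first two events copy the image paths, PIDs and command lines from this report; the remaining two are constructed benign controls, and the field names (pid, ppid, image, cmdline) are assumptions.

```python
"""Flag the cmd.exe launch pattern shown in the tria.ge process tree.

Added example, not tria.ge or sample code. Events are constructed: the
first two copy PIDs, image paths and command lines from the report, the
rest are benign controls. Field names are assumptions.
"""
import re

EVENTS = [
    {"pid": 4024, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\kwg.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\kwg.exe"'},
    {"pid": 3716, "ppid": 4024,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3662.tmp\3663.tmp\3664.bat C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\kwg.exe"'},
    # constructed benign controls: a build script and a single-level temp installer
    {"pid": 5100, "ppid": 1000,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'"C:\Windows\system32\cmd.exe" /c "C:\build\scripts\run_tests.bat x64"'},
    {"pid": 5200, "ppid": 1000,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\abcd.tmp\setup.bat"'},
]

# A .bat two levels deep under %LOCALAPPDATA%\Temp\<x>.tmp\<y>.tmp\, the
# layout of the dropped file listed in the report's Downloads section.
NESTED_TMP_BAT = re.compile(
    r'\\AppData\\Local\\Temp\\[^\\\s"]+\.tmp\\[^\\\s"]+\.tmp\\[^\\\s"]+\.bat$',
    re.IGNORECASE,
)

# cmd ... /c "<script>.bat <args>": capture the script path and whatever
# follows it inside the same quoted block.
CMD_SLASH_C = re.compile(r'/c\s+"?(?P<bat>[^"\s]+\.bat)(?P<rest>[^"]*)"?', re.IGNORECASE)


def check_event(event, parents):
    """Return the indicator names that fire for one process-creation event.

    parents maps pid -> event so the child's arguments can be compared with
    the parent's image path.
    """
    if not event["image"].lower().endswith("\\cmd.exe"):
        return []
    m = CMD_SLASH_C.search(event["cmdline"])
    if not m:
        return []
    findings = []
    bat, rest = m.group("bat"), m.group("rest").strip()
    if NESTED_TMP_BAT.search(bat):
        findings.append("bat_in_nested_temp_tmp_dirs")
    parent = parents.get(event["ppid"])
    if parent and rest.lower() == parent["image"].lower():
        findings.append("parent_image_passed_as_bat_arg")
    # C:\Windows\sysnative\ is only resolvable by 32-bit processes under WoW64;
    # it is how an x86 parent reaches the 64-bit cmd.exe recorded as the image.
    if "\\sysnative\\" in event["cmdline"].lower():
        findings.append("launched_via_sysnative_alias")
    return findings


def scan(events):
    """Run check_event over every event; return {pid: findings} for hits only."""
    parents = {e["pid"]: e for e in events}
    hits = {}
    for e in events:
        f = check_event(e, parents)
        if f:
            hits[e["pid"]] = f
    return hits


def verdict(findings):
    """Script location plus the parent's own path as argument together match
    the wrapper launch pattern; either indicator alone is weak evidence."""
    core = {"bat_in_nested_temp_tmp_dirs", "parent_image_passed_as_bat_arg"}
    return "wrapper-launch-pattern" if core <= set(findings) else "weak"


if __name__ == "__main__":
    for pid, f in scan(EVENTS).items():
        print(pid, verdict(f), f)
```

The rule deliberately keys on the relationship between the two processes rather than on cmd.exe alone, since `cmd /c something.bat` is routine on build and admin hosts; the two controls above show that neither a script outside the nested .tmp layout nor a single-level temp script trips it. The next step for this sample is the dropped 3664.bat itself, whose hashes are listed under Downloads.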

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3662.tmp\3663.tmp\3664.bat

    Filesize

    22KB

    MD5

    981d727788f3a19185770ef07422f665

    SHA1

    c385d4b29e675d66e5e5321df58c2c2f8aff011c

    SHA256

    da0eed270a5528d0d85611d1f01952aee01bc5637481509e7e61cac17fe2edde

    SHA512

    7a49aa1647f2f6b4376ea7161d4de955fef8672bc5ae27bbdd759d0434e4f9301e46f22e8d3f02e920818999cf22cdbe05f2c9303f24c4f0ab2ca50d9dd4c6ad