Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10FN-TOOLZ-m...AN.bat
windows10-2004-x64
10Tournament...ew.exe
windows10-2004-x64
6Tournament...al.dll
windows10-2004-x64
1Tournament...UI.dll
windows10-2004-x64
1Tournament...cl.exe
windows10-2004-x64
1Tournament...uz.exe
windows10-2004-x64
9Tournament...dc.exe
windows10-2004-x64
1Tournament...ft.exe
windows10-2004-x64
1Tournament...64.exe
windows10-2004-x64
1Tournament...32.exe
windows10-2004-x64
1Tournament...64.exe
windows10-2004-x64
4Tournament...fg.exe
windows10-2004-x64
3Tournament...sg.exe
windows10-2004-x64
3Tournament...sr.exe
windows10-2004-x64
10Tournament...wg.exe
windows10-2004-x64
1Tournament...sm.dll
windows10-2004-x64
1Tournament...xy.dll
windows10-2004-x64
7Tournament...ry.dll
windows10-2004-x64
1Tournament...ll.dll
windows10-2004-x64
1Tournament...pi.dll
windows10-2004-x64
1Tournament...32.dll
windows10-2004-x64
1Tournament...da.dll
windows10-2004-x64
1Tournament...ve.dll
windows10-2004-x64
1Tournament...70.dll
windows10-2004-x64
1Tournament...rl.exe
windows10-2004-x64
3Tournament...64.exe
windows10-2004-x64
3Tournament...cs.exe
windows10-2004-x64
8Tournament...64.exe
windows10-2004-x64
10Tournament...tm.exe
windows10-2004-x64
3Tournament...mc.exe
windows10-2004-x64
1FN-TOOLZ-m...er.exe
windows10-2004-x64
9FN-TOOLZ-m...er.bat
windows10-2004-x64
1Analysis
-
max time kernel
93s -
max time network
203s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
26/06/2024, 20:50
Behavioral task
behavioral1
Sample
FN-TOOLZ-main/FNCLEAN.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
Tournament_Fixer/AdditionalRuntimes/DevManView.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
Tournament_Fixer/AdditionalRuntimes/MCCSPal.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
Tournament_Fixer/AdditionalRuntimes/MaintenanceUI.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
Tournament_Fixer/AdditionalRuntimes/ccl.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral6
Sample
Tournament_Fixer/AdditionalRuntimes/cpuz.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Tournament_Fixer/AdditionalRuntimes/ddc.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral8
Sample
Tournament_Fixer/AdditionalRuntimes/hssft.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
Tournament_Fixer/AdditionalRuntimes/hwbd64.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral10
Sample
Tournament_Fixer/AdditionalRuntimes/hwinfo32.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
Tournament_Fixer/AdditionalRuntimes/hwinfo64.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral12
Sample
Tournament_Fixer/AdditionalRuntimes/jfg.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
Tournament_Fixer/AdditionalRuntimes/jsg.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral14
Sample
Tournament_Fixer/AdditionalRuntimes/jsr.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
Tournament_Fixer/AdditionalRuntimes/kwg.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral16
Sample
Tournament_Fixer/AdditionalRuntimes/lsm.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
Tournament_Fixer/AdditionalRuntimes/lsmproxy.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral18
Sample
Tournament_Fixer/AdditionalRuntimes/lstelemetry.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
Tournament_Fixer/AdditionalRuntimes/luainstall.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral20
Sample
Tournament_Fixer/AdditionalRuntimes/luiapi.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
Tournament_Fixer/AdditionalRuntimes/lz32.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral22
Sample
Tournament_Fixer/AdditionalRuntimes/mcicda.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
Tournament_Fixer/AdditionalRuntimes/mciwave.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral24
Sample
Tournament_Fixer/AdditionalRuntimes/mfc70.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
Tournament_Fixer/AdditionalRuntimes/nvrl.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral26
Sample
Tournament_Fixer/AdditionalRuntimes/nvrl64.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
Tournament_Fixer/AdditionalRuntimes/tcs.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral28
Sample
Tournament_Fixer/AdditionalRuntimes/tcs64.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral29
Sample
Tournament_Fixer/AdditionalRuntimes/tm.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral30
Sample
Tournament_Fixer/AdditionalRuntimes/wmc.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
FN-TOOLZ-main/applecleaner.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral32
Sample
FN-TOOLZ-main/serial_checker.bat
Resource
win10v2004-20240508-en
General
-
Target
Tournament_Fixer/AdditionalRuntimes/tm.exe
-
Size
123KB
-
MD5
43bbbe399336a3a7f333688b08460a07
-
SHA1
2482d7a138e59beba06782e1105ff594eddb8da0
-
SHA256
37049e44004e4fa7f49f8998e1029645cd71f0140cd716bb4253763768af777d
-
SHA512
0e411d31e2e51a8b1c0a1ffb8676b4f2e720f3440b3a5daa803095fb7ee3877da138aa6313d31d3389e2bb267ac475b18b5ce31ba17b03356b1fb56a83a06575
-
SSDEEP
3072:3/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFSW:+tzsb5Uh28+V1WW69B9VjMdxPedN9uge
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs ping.exe 1 TTPs 4 IoCs
pid Process 3188 PING.EXE 2172 PING.EXE 2784 PING.EXE 4808 PING.EXE -
Suspicious use of WriteProcessMemory 10 IoCs
description pid Process procid_target PID 2264 wrote to memory of 3984 2264 tm.exe 83 PID 2264 wrote to memory of 3984 2264 tm.exe 83 PID 3984 wrote to memory of 3188 3984 cmd.exe 84 PID 3984 wrote to memory of 3188 3984 cmd.exe 84 PID 3984 wrote to memory of 2172 3984 cmd.exe 85 PID 3984 wrote to memory of 2172 3984 cmd.exe 85 PID 3984 wrote to memory of 2784 3984 cmd.exe 86 PID 3984 wrote to memory of 2784 3984 cmd.exe 86 PID 3984 wrote to memory of 4808 3984 cmd.exe 87 PID 3984 wrote to memory of 4808 3984 cmd.exe 87
Processes
-
C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\tm.exe"C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\tm.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2264 -
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\40D2.tmp\40D3.tmp\40D4.bat C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\tm.exe"2⤵
- Suspicious use of WriteProcessMemory
PID:3984 -
C:\Windows\system32\PING.EXEping /n 1 localhost3⤵
- Runs ping.exe
PID:3188
-
-
C:\Windows\system32\PING.EXEping /n 1 localhost3⤵
- Runs ping.exe
PID:2172
-
-
C:\Windows\system32\PING.EXEping /n 1 localhost3⤵
- Runs ping.exe
PID:2784
-
-
C:\Windows\system32\PING.EXEping /n 2 localhost3⤵
- Runs ping.exe
PID:4808
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
845B
MD554d18c0e0a34808017e53029d7875c09
SHA1bca96014c545bd02f964cc3dd368b5c6ce9f2963
SHA2566be64439c492ac7d840e56b01ba9691f30fbad8e9b296bfe55d0abbb2edc5fae
SHA51295712df3c3bb07e561d778b0f95f9ab0a93def2d7111123dff22898565d059b10dc0ca13b1d528ed00ec77c511451d452b033bf8bf40898cb53eb9378f32a6b2