Analysis

  • max time kernel
    93s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/06/2024, 20:50

General

  • Target

    Tournament_Fixer/AdditionalRuntimes/tm.exe

  • Size

    123KB

  • MD5

    43bbbe399336a3a7f333688b08460a07

  • SHA1

    2482d7a138e59beba06782e1105ff594eddb8da0

  • SHA256

    37049e44004e4fa7f49f8998e1029645cd71f0140cd716bb4253763768af777d

  • SHA512

    0e411d31e2e51a8b1c0a1ffb8676b4f2e720f3440b3a5daa803095fb7ee3877da138aa6313d31d3389e2bb267ac475b18b5ce31ba17b03356b1fb56a83a06575

  • SSDEEP

    3072:3/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFSW:+tzsb5Uh28+V1WW69B9VjMdxPedN9uge

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\tm.exe
    "C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\tm.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\40D2.tmp\40D3.tmp\40D4.bat C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\tm.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3984
      • C:\Windows\system32\PING.EXE
        ping /n 1 localhost
        3⤵
        • Runs ping.exe
        PID:3188
      • C:\Windows\system32\PING.EXE
        ping /n 1 localhost
        3⤵
        • Runs ping.exe
        PID:2172
      • C:\Windows\system32\PING.EXE
        ping /n 1 localhost
        3⤵
        • Runs ping.exe
        PID:2784
      • C:\Windows\system32\PING.EXE
        ping /n 2 localhost
        3⤵
        • Runs ping.exe
        PID:4808

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\40D2.tmp\40D3.tmp\40D4.bat

    Filesize

    845B

    MD5

    54d18c0e0a34808017e53029d7875c09

    SHA1

    bca96014c545bd02f964cc3dd368b5c6ce9f2963

    SHA256

    6be64439c492ac7d840e56b01ba9691f30fbad8e9b296bfe55d0abbb2edc5fae

    SHA512

    95712df3c3bb07e561d778b0f95f9ab0a93def2d7111123dff22898565d059b10dc0ca13b1d528ed00ec77c511451d452b033bf8bf40898cb53eb9378f32a6b2