Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10FN-TOOLZ-m...AN.bat
windows10-2004-x64
10Tournament...ew.exe
windows10-2004-x64
6Tournament...al.dll
windows10-2004-x64
1Tournament...UI.dll
windows10-2004-x64
1Tournament...cl.exe
windows10-2004-x64
1Tournament...uz.exe
windows10-2004-x64
9Tournament...dc.exe
windows10-2004-x64
1Tournament...ft.exe
windows10-2004-x64
1Tournament...64.exe
windows10-2004-x64
1Tournament...32.exe
windows10-2004-x64
1Tournament...64.exe
windows10-2004-x64
4Tournament...fg.exe
windows10-2004-x64
3Tournament...sg.exe
windows10-2004-x64
3Tournament...sr.exe
windows10-2004-x64
10Tournament...wg.exe
windows10-2004-x64
1Tournament...sm.dll
windows10-2004-x64
1Tournament...xy.dll
windows10-2004-x64
7Tournament...ry.dll
windows10-2004-x64
1Tournament...ll.dll
windows10-2004-x64
1Tournament...pi.dll
windows10-2004-x64
1Tournament...32.dll
windows10-2004-x64
1Tournament...da.dll
windows10-2004-x64
1Tournament...ve.dll
windows10-2004-x64
1Tournament...70.dll
windows10-2004-x64
1Tournament...rl.exe
windows10-2004-x64
3Tournament...64.exe
windows10-2004-x64
3Tournament...cs.exe
windows10-2004-x64
8Tournament...64.exe
windows10-2004-x64
10Tournament...tm.exe
windows10-2004-x64
3Tournament...mc.exe
windows10-2004-x64
1FN-TOOLZ-m...er.exe
windows10-2004-x64
9FN-TOOLZ-m...er.bat
windows10-2004-x64
1Analysis
-
max time kernel
149s -
max time network
274s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
26/06/2024, 20:50
Behavioral task
behavioral1
Sample
FN-TOOLZ-main/FNCLEAN.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
Tournament_Fixer/AdditionalRuntimes/DevManView.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
Tournament_Fixer/AdditionalRuntimes/MCCSPal.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
Tournament_Fixer/AdditionalRuntimes/MaintenanceUI.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
Tournament_Fixer/AdditionalRuntimes/ccl.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral6
Sample
Tournament_Fixer/AdditionalRuntimes/cpuz.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Tournament_Fixer/AdditionalRuntimes/ddc.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral8
Sample
Tournament_Fixer/AdditionalRuntimes/hssft.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
Tournament_Fixer/AdditionalRuntimes/hwbd64.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral10
Sample
Tournament_Fixer/AdditionalRuntimes/hwinfo32.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
Tournament_Fixer/AdditionalRuntimes/hwinfo64.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral12
Sample
Tournament_Fixer/AdditionalRuntimes/jfg.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
Tournament_Fixer/AdditionalRuntimes/jsg.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral14
Sample
Tournament_Fixer/AdditionalRuntimes/jsr.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
Tournament_Fixer/AdditionalRuntimes/kwg.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral16
Sample
Tournament_Fixer/AdditionalRuntimes/lsm.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
Tournament_Fixer/AdditionalRuntimes/lsmproxy.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral18
Sample
Tournament_Fixer/AdditionalRuntimes/lstelemetry.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
Tournament_Fixer/AdditionalRuntimes/luainstall.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral20
Sample
Tournament_Fixer/AdditionalRuntimes/luiapi.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
Tournament_Fixer/AdditionalRuntimes/lz32.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral22
Sample
Tournament_Fixer/AdditionalRuntimes/mcicda.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
Tournament_Fixer/AdditionalRuntimes/mciwave.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral24
Sample
Tournament_Fixer/AdditionalRuntimes/mfc70.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
Tournament_Fixer/AdditionalRuntimes/nvrl.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral26
Sample
Tournament_Fixer/AdditionalRuntimes/nvrl64.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
Tournament_Fixer/AdditionalRuntimes/tcs.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral28
Sample
Tournament_Fixer/AdditionalRuntimes/tcs64.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral29
Sample
Tournament_Fixer/AdditionalRuntimes/tm.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral30
Sample
Tournament_Fixer/AdditionalRuntimes/wmc.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
FN-TOOLZ-main/applecleaner.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral32
Sample
FN-TOOLZ-main/serial_checker.bat
Resource
win10v2004-20240508-en
General
-
Target
FN-TOOLZ-main/serial_checker.bat
-
Size
454B
-
MD5
fa70cdbb3fc5fc08aff5db9270dd662f
-
SHA1
87e21ed26ae37cfa14a56ff000f3c29dedfa23bc
-
SHA256
56e0af9513d41127dd33933116970b3d2560d0586f7a64b6ffdf215d1fc762ab
-
SHA512
8e44ad0ac87ce8335377dc2f40d5b3960e727ffd5387e0b1b411e03e9b772dfd21c523fec45327edd04b2ae4226ec4def4cc4783f3484b5f3e80e24c4ae2a826
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 1200 WMIC.exe Token: SeSecurityPrivilege 1200 WMIC.exe Token: SeTakeOwnershipPrivilege 1200 WMIC.exe Token: SeLoadDriverPrivilege 1200 WMIC.exe Token: SeSystemProfilePrivilege 1200 WMIC.exe Token: SeSystemtimePrivilege 1200 WMIC.exe Token: SeProfSingleProcessPrivilege 1200 WMIC.exe Token: SeIncBasePriorityPrivilege 1200 WMIC.exe Token: SeCreatePagefilePrivilege 1200 WMIC.exe Token: SeBackupPrivilege 1200 WMIC.exe Token: SeRestorePrivilege 1200 WMIC.exe Token: SeShutdownPrivilege 1200 WMIC.exe Token: SeDebugPrivilege 1200 WMIC.exe Token: SeSystemEnvironmentPrivilege 1200 WMIC.exe Token: SeRemoteShutdownPrivilege 1200 WMIC.exe Token: SeUndockPrivilege 1200 WMIC.exe Token: SeManageVolumePrivilege 1200 WMIC.exe Token: 33 1200 WMIC.exe Token: 34 1200 WMIC.exe Token: 35 1200 WMIC.exe Token: 36 1200 WMIC.exe Token: SeIncreaseQuotaPrivilege 1200 WMIC.exe Token: SeSecurityPrivilege 1200 WMIC.exe Token: SeTakeOwnershipPrivilege 1200 WMIC.exe Token: SeLoadDriverPrivilege 1200 WMIC.exe Token: SeSystemProfilePrivilege 1200 WMIC.exe Token: SeSystemtimePrivilege 1200 WMIC.exe Token: SeProfSingleProcessPrivilege 1200 WMIC.exe Token: SeIncBasePriorityPrivilege 1200 WMIC.exe Token: SeCreatePagefilePrivilege 1200 WMIC.exe Token: SeBackupPrivilege 1200 WMIC.exe Token: SeRestorePrivilege 1200 WMIC.exe Token: SeShutdownPrivilege 1200 WMIC.exe Token: SeDebugPrivilege 1200 WMIC.exe Token: SeSystemEnvironmentPrivilege 1200 WMIC.exe Token: SeRemoteShutdownPrivilege 1200 WMIC.exe Token: SeUndockPrivilege 1200 WMIC.exe Token: SeManageVolumePrivilege 1200 WMIC.exe Token: 33 1200 WMIC.exe Token: 34 1200 WMIC.exe Token: 35 1200 WMIC.exe Token: 36 1200 WMIC.exe Token: SeIncreaseQuotaPrivilege 4752 WMIC.exe Token: SeSecurityPrivilege 4752 WMIC.exe Token: SeTakeOwnershipPrivilege 4752 WMIC.exe Token: SeLoadDriverPrivilege 4752 WMIC.exe Token: SeSystemProfilePrivilege 4752 WMIC.exe Token: SeSystemtimePrivilege 4752 WMIC.exe Token: SeProfSingleProcessPrivilege 4752 WMIC.exe Token: SeIncBasePriorityPrivilege 4752 WMIC.exe Token: SeCreatePagefilePrivilege 4752 WMIC.exe Token: SeBackupPrivilege 4752 WMIC.exe Token: SeRestorePrivilege 4752 WMIC.exe Token: SeShutdownPrivilege 4752 WMIC.exe Token: SeDebugPrivilege 4752 WMIC.exe Token: SeSystemEnvironmentPrivilege 4752 WMIC.exe Token: SeRemoteShutdownPrivilege 4752 WMIC.exe Token: SeUndockPrivilege 4752 WMIC.exe Token: SeManageVolumePrivilege 4752 WMIC.exe Token: 33 4752 WMIC.exe Token: 34 4752 WMIC.exe Token: 35 4752 WMIC.exe Token: 36 4752 WMIC.exe Token: SeIncreaseQuotaPrivilege 4752 WMIC.exe -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 4272 wrote to memory of 1200 4272 cmd.exe 82 PID 4272 wrote to memory of 1200 4272 cmd.exe 82 PID 4272 wrote to memory of 4752 4272 cmd.exe 84 PID 4272 wrote to memory of 4752 4272 cmd.exe 84 PID 4272 wrote to memory of 4584 4272 cmd.exe 85 PID 4272 wrote to memory of 4584 4272 cmd.exe 85 PID 4272 wrote to memory of 3428 4272 cmd.exe 86 PID 4272 wrote to memory of 3428 4272 cmd.exe 86 PID 4272 wrote to memory of 2796 4272 cmd.exe 87 PID 4272 wrote to memory of 2796 4272 cmd.exe 87 PID 4272 wrote to memory of 4292 4272 cmd.exe 88 PID 4272 wrote to memory of 4292 4272 cmd.exe 88
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\FN-TOOLZ-main\serial_checker.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:4272 -
C:\Windows\System32\Wbem\WMIC.exewmic diskdrive get model, serialnumber2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1200
-
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get serialnumber2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4752
-
-
C:\Windows\System32\Wbem\WMIC.exewmic bios get serialnumber2⤵PID:4584
-
-
C:\Windows\System32\Wbem\WMIC.exewmic baseboard get serialnumber2⤵PID:3428
-
-
C:\Windows\System32\Wbem\WMIC.exewmic path win32_computersystemproduct get uuid2⤵PID:2796
-
-
C:\Windows\system32\getmac.exegetmac2⤵PID:4292
-