Analysis

  • max time kernel
    134s
  • max time network
    205s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26/06/2024, 20:50

General

  • Target

    Tournament_Fixer/AdditionalRuntimes/hssft.exe

  • Size

    111KB

  • MD5

    7e4c91e99386e4d603734a940513646a

  • SHA1

    ffeb4a9864b771dbf0c202ebf1982e9a85c25e94

  • SHA256

    43d7bf72f6bdfe4a75543160f26c81b1e5693a4f9510ce578bf4ee5351696516

  • SHA512

    c9390890e3b8e0b894f705082dec6a0e49f66bf1ff185719240f6b94dd96bd1eafb6938adcf00e5e155fea07d3d11131e01ce7f7a62aabb1bfdf4a20ead0ead7

  • SSDEEP

    1536:77fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfCwF2i1Zue+Kiu0j:X7DhdC6kzWypvaQ0FxyNTBfCu2izJHs

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hssft.exe
    "C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hssft.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3681.tmp\3682.tmp\3693.bat C:\Users\Admin\AppData\Local\Temp\Tournament_Fixer\AdditionalRuntimes\hssft.exe"
      2⤵
        PID:2332

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\3681.tmp\3682.tmp\3693.bat

      Filesize

      22KB

      MD5

      981d727788f3a19185770ef07422f665

      SHA1

      c385d4b29e675d66e5e5321df58c2c2f8aff011c

      SHA256

      da0eed270a5528d0d85611d1f01952aee01bc5637481509e7e61cac17fe2edde

      SHA512

      7a49aa1647f2f6b4376ea7161d4de955fef8672bc5ae27bbdd759d0434e4f9301e46f22e8d3f02e920818999cf22cdbe05f2c9303f24c4f0ab2ca50d9dd4c6ad