Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

HD_Tune_Pro_v5.00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    53s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/09/2024, 15:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HD_Tune_Pro_v5.00.exe

  • Size

    7.5MB

  • MD5

    14a93cf0f4e1c3239336990f90f18362

  • SHA1

    88bb17f887556e669f721769cbbfac5d5580e60d

  • SHA256

    8c44c173870c5cdc938e7e13fe92b5a813306368bc331a72a04dcc47a0f77a8a

  • SHA512

    24cb9eacf4b5ff2b92b418e23707f261fde9a8a38d77ded3b89e565357720f7b78f32c982209f0e1d4f02736b25b25a58a7e6b3347a0a91d299cb51457a0f210

  • SSDEEP

    98304:B8fgSSdjQelz0XWy3HBKpyhDTOQulLmx5tYIFasOtulKllQ06JBRJU6+HHqIBqUg:yfqDqWy3hZ91AIFasOgMllx6JBXU6vGu

Score
7/10
bootkitdiscoverypersistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 25 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 18 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HD_Tune_Pro_v5.00.exe
    "C:\Users\Admin\AppData\Local\Temp\HD_Tune_Pro_v5.00.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1240
    • C:\Users\Admin\AppData\Roaming\VOS\HD Tune Pro\%Program Files (x86)%\HD Tune Pro\HDTunePro.exe
      "C:\Users\Admin\AppData\Roaming\VOS\HD Tune Pro\%Program Files (x86)%\HD Tune Pro\HDTunePro.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • Writes to the Master Boot Record (MBR)
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1988

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    83.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.210.23.2.in-addr.arpa
    IN PTR
    Response
    83.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-83deploystaticakamaitechnologiescom
  • flag-us
    DNS
    83.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.210.23.2.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    73.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    107.12.20.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    107.12.20.2.in-addr.arpa
    IN PTR
    Response
    107.12.20.2.in-addr.arpa
    IN PTR
    a2-20-12-107deploystaticakamaitechnologiescom
No results found
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    140 B
     133 B
     2
    1

    DNS Request

    83.210.23.2.in-addr.arpa

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    241.150.49.20.in-addr.arpa

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    73.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    73.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    107.12.20.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    107.12.20.2.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\VOS\HD Tune Pro\%Program Files (x86)%\HD Tune Pro\HDTunePro.exe
    Filesize

    302KB

    MD5

    b8136653535808a925a576e83d6f932a

    SHA1

    28bd657086e0d7532f3723512f54ff9f5ca49bde

    SHA256

    1b3a290b8cca881d10dfc2b87ef82b2dac7b0060e7ed92f035c8401d4a02c57a

    SHA512

    24b94add8fae2ac8985b6ea62121668c33f50f358852d59e8d83ff7eb6d675b02c7cf3495b212dd6a6f0797cc1389f9a4500aee65bfe321e109666620cada6fc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\VOS\HD Tune Pro\AppVirtDll_HD Tune Pro.dll
    Filesize

    572KB

    MD5

    3007d95d7b00061dd72f2bc291e28770

    SHA1

    6e95093fa99d185bb5c7d12f22bf7d7ce94add2d

    SHA256

    efe2d2a6fa61e96faae789337daf40346b825d9b9c49c1dcec67bd5abc9b4cf6

    SHA512

    dff9ef99a56562d102d9748b18efee69e7afeb293d6734094d99f1569dd4ff9fb8a353c55cc1cb51e0185fc6faea6f25c2104b49de818ba4cdc8b64a21c0e2d3

    Download Submit

  • C:\Users\Admin\AppData\Roaming\VOS\HD Tune Pro\VirtFiles.db
    Filesize

    14KB

    MD5

    154977c2d1acf2e48c82f9969ce3d397

    SHA1

    556d4898d0a7cc10d7e30e2b912d379bfd317f70

    SHA256

    81ef6cbd8c20e4b42eb56afbd365d183a05cc4dee8da5d992706ddbfa558bbb0

    SHA512

    0e03269ec9d6e78ac98841fd5b7b64020a2d1390ef56a038161bbcee83d8945c6039b2e0af7c854c7a3bffe2ce559dffcb4ca5c6c89309b0b6396168d34defbb

    Download Submit

  • memory/1240-34-0x00000000719D0000-0x00000000719D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-45-0x0000000077083000-0x0000000077084000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-43-0x0000000071630000-0x0000000071631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-42-0x0000000071640000-0x0000000071641000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-41-0x0000000071A20000-0x0000000071A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-40-0x0000000071A30000-0x0000000071A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-39-0x0000000071AE0000-0x0000000071AE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-38-0x0000000071AF0000-0x0000000071AF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-35-0x00000000719C0000-0x00000000719C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-33-0x0000000071A50000-0x0000000071A51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-50-0x0000000071960000-0x0000000071961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-49-0x0000000071970000-0x0000000071971000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-48-0x0000000071AB0000-0x0000000071AB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-47-0x0000000071AC0000-0x0000000071AC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-46-0x00000000051D0000-0x00000000051D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-31-0x0000000077083000-0x0000000077084000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-44-0x0000000077082000-0x0000000077083000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-58-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1240-57-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1240-74-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1240-60-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1240-30-0x0000000077082000-0x0000000077083000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-32-0x0000000071A60000-0x0000000071A61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-56-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1240-53-0x0000000077082000-0x0000000077083000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-54-0x0000000077083000-0x0000000077084000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-55-0x0000000076F30000-0x0000000076F31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-67-0x00000000719D0000-0x00000000719D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1988-81-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1988-70-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1988-80-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/1988-72-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1988-82-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1988-61-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/1988-77-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1988-68-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1988-69-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1988-78-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1988-71-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1988-83-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1988-84-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/1988-86-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1988-85-0x0000000076F10000-0x0000000077000000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1988-87-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/1988-88-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/1988-89-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.