Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

War3-1.27-...er.exe

windows7-x64

3

War3-1.27-...er.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2024, 07:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    War3-1.27-Installer-enUS-TFT/Installer.exe

  • Size

    2.5MB

  • MD5

    7617c52897108540f171b9c02db344bf

  • SHA1

    4b2d6f9b26756c45219876c1c3f4c250376beb3e

  • SHA256

    233a621c16c95d76452601ff19822a89d6011fd7fbd5a36336808deea39a1cec

  • SHA512

    19d75ee9212335182719463a1a07be519053b4bd6591f6a248f5cf2985869cff7eecc4e8a0bde0b0e53dcac6390e927f6423a3416aaae3bf7ea17992f7f59e9d

  • SSDEEP

    49152:4BJMnTwurF0JMM7OCN+04M14Zll5ZMflT4t1b+JJeF3lrpa:pTwEF0JMM7Ot04pm+bY4g

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\War3-1.27-Installer-enUS-TFT\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\War3-1.27-Installer-enUS-TFT\Installer.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2520
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x508 0x150
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1200

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Blizzard Entertainment\FrizQuadrata.fon
    Filesize

    1KB

    MD5

    9c799fefa840da6afddb498551774a82

    SHA1

    bd90d0ec65989861d37c0184fb5b7f0963a0e199

    SHA256

    741594aa11b35f7d30c8df340714f683aab82afa6a4006c537865c1fdb936397

    SHA512

    af014c54ef67757333d0d2b7c43a0027ccfa087d10130becfa43bcbf6181104834a7e4eab7b25882122f36f24d33a9d02983caddd2802c467aa763bdd79e36d6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Blizzard Installer Temporary Data - 1d0bbf50\Footer.xml
    Filesize

    55B

    MD5

    6fe0103764f627ac6a65b21d55d07c01

    SHA1

    3ed2db39432e24219eb2ff0b13781185b11f7ecf

    SHA256

    1d2c3487a1044632603ad556905b2d8a4a17655a6a0c181b6c0c7824056c97af

    SHA512

    e1d0d2f0070751e3566905a3205ac7be4e505f64d7d6f494a4a6514a4b667791c79a114a85e8f157d129e3705447bd958ba542451dd4208b439f3c2aa473ea29

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Blizzard Installer Temporary Data - 1d0bbf50\FrizQuadrata.ttf
    Filesize

    60KB

    MD5

    8eccce155090104c7902b964cd0e12fe

    SHA1

    bd0ae32b90dfcc4b65efa5e128f21a67b1adf654

    SHA256

    8f798feb09a0e9dc97daf0a54b52a9a1a7b4cf7103fcb2aa1566ab36ac4dc41c

    SHA512

    519f6f7471455f235527875a27bae50262610a65da621b72c972142984b7e4309d6aa1fce8f707cf59cbfe636cb167b4599597b61ae1a24bc62523e9158e0456

    Download Submit