Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

46315b5491...cd.exe

windows7-x64

7

46315b5491...cd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    26s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06/01/2024, 12:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46315b54912739075d98433897e86ecd.exe

  • Size

    367KB

  • MD5

    46315b54912739075d98433897e86ecd

  • SHA1

    34d12821cca2589b80d9b5d2c235375563b1b6a0

  • SHA256

    a55b2334334dd206aceea6719cf7ec3bac9b325d84f0607e65f4a3f88b57161e

  • SHA512

    db233bd3bcb55f9504fec776da6df83bac98f6915133ce3dc62aa29de313b9c247dfdbd1164f435ecce337357402e2fc9b05250e7d3f86f316047742ebc51eef

  • SSDEEP

    6144:R/kFr0H89gBk+0AS7qHcrymVwAiO2QVmJYtXbwp0UsaIJT+vybUxGknqwwc2j:R/kpj9wen7q8rzRVmetXbw6UsZWybcn2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 5 IoCs
  • Modifies registry class 34 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46315b54912739075d98433897e86ecd.exe
    "C:\Users\Admin\AppData\Local\Temp\46315b54912739075d98433897e86ecd.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Windows\SysWOW64\net.exe
      net stop McShield
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:340
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop McShield
        3⤵
          PID:2440
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ieflux.exe_deleteme.bat
        2⤵
          PID:2040
      • C:\Windows\ime\winupgrade.exe
        C:\Windows\ime\winupgrade.exe
        1⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        • Modifies data under HKEY_USERS
        • Modifies registry class
        PID:2828

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ieflux.exe_deleteme.bat
        Filesize

        64B

        MD5

        bfcaeabfbce998e551827934f9cab4ad

        SHA1

        3a91d41d9d42b737bdb82f59b3867d3b4ef27035

        SHA256

        1813f05035373247df14aeb946d7a38183cd78e9d6ed1f637b45eaff537b382a

        SHA512

        5a393fc6e5cd0004b8c559b5dbbbc6903c4df29e27df3a4fe26bb8ad40b860f51d10152d7ebf002de6772448411edf3838626c34ce5d2265aa6a9703809831db

        Download Submit

      • C:\Windows\IME\winupgrade.exe
        Filesize

        653KB

        MD5

        dd83adadfa69e555fbffaa2dafd119da

        SHA1

        4d2872c6a5ebe237ce28254cf0a9315616016136

        SHA256

        2f4a65fecb7195a982b1463002e06324bab25069f65eb1884c45e174c8563280

        SHA512

        962b88f246a1f3f1c4e38874538fcabfac653a4c4c11e4905abcbbc4b0a75cbf68b9386f05bec189ef90221e08c55908b4181c6aaf8d2b9b4c8a39332e3e71cd

        Download Submit

      • memory/2088-14-0x0000000000400000-0x000000000051F000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2088-1-0x0000000000220000-0x0000000000221000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2088-0-0x0000000000400000-0x000000000051F000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2828-5-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/2828-6-0x00000000002E0000-0x00000000002E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2828-16-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/2828-18-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/2828-19-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/2828-20-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/2828-21-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/2828-22-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/2828-23-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download