Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

46315b5491...cd.exe

windows7-x64

7

46315b5491...cd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    44s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/01/2024, 12:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46315b54912739075d98433897e86ecd.exe

  • Size

    367KB

  • MD5

    46315b54912739075d98433897e86ecd

  • SHA1

    34d12821cca2589b80d9b5d2c235375563b1b6a0

  • SHA256

    a55b2334334dd206aceea6719cf7ec3bac9b325d84f0607e65f4a3f88b57161e

  • SHA512

    db233bd3bcb55f9504fec776da6df83bac98f6915133ce3dc62aa29de313b9c247dfdbd1164f435ecce337357402e2fc9b05250e7d3f86f316047742ebc51eef

  • SSDEEP

    6144:R/kFr0H89gBk+0AS7qHcrymVwAiO2QVmJYtXbwp0UsaIJT+vybUxGknqwwc2j:R/kpj9wen7q8rzRVmetXbw6UsZWybcn2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 5 IoCs
  • Modifies registry class 34 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46315b54912739075d98433897e86ecd.exe
    "C:\Users\Admin\AppData\Local\Temp\46315b54912739075d98433897e86ecd.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\SysWOW64\net.exe
      net stop McShield
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1572
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop McShield
        3⤵
          PID:4540
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ieflux.exe_deleteme.bat
        2⤵
          PID:3812
      • C:\Windows\ime\winupgrade.exe
        C:\Windows\ime\winupgrade.exe
        1⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        • Modifies data under HKEY_USERS
        • Modifies registry class
        PID:4708

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ieflux.exe_deleteme.bat
        Filesize

        64B

        MD5

        bfcaeabfbce998e551827934f9cab4ad

        SHA1

        3a91d41d9d42b737bdb82f59b3867d3b4ef27035

        SHA256

        1813f05035373247df14aeb946d7a38183cd78e9d6ed1f637b45eaff537b382a

        SHA512

        5a393fc6e5cd0004b8c559b5dbbbc6903c4df29e27df3a4fe26bb8ad40b860f51d10152d7ebf002de6772448411edf3838626c34ce5d2265aa6a9703809831db

        Download Submit

      • C:\Windows\IME\winupgrade.exe
        Filesize

        154KB

        MD5

        0d03e19c0e8ca2a3ab00e64f0fbcea62

        SHA1

        2dff19447151629b38045bd4446fe5995e7f7d3f

        SHA256

        9bded95ed2f49f7a3f25fcdd1db957129be600963e0f9e7269cba731cf231c0b

        SHA512

        f2b84a05aa5f95c3d9a0b2535498cee591725376628cf6c10f366fd2e5eb9bc59d6c7bb59139a00fcaa2996108c499083727a7b0ed3098d9351159ddf2f1374f

        Download Submit

      • C:\Windows\ime\winupgrade.exe
        Filesize

        178KB

        MD5

        fc92a4fec697cb8c86bb2f4fa0e480c2

        SHA1

        d968409a6a767ddcccc3cc511a98e6032c123d79

        SHA256

        79977fe63a97890102bffbfc8c482d74c742e6d8e3f4c41422757befbce41aff

        SHA512

        f785416ee2784aab132304b117644f25674d7d044a417965816c83b7c7c34fbba40de27afe12fc75f257ff6b98c28bcb1df7d70ebf79514d72d320615443fdb7

        Download Submit

      • memory/2136-1-0x00000000006C0000-0x00000000006C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2136-0-0x0000000000400000-0x000000000051F000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2136-10-0x0000000000400000-0x000000000051F000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/4708-14-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-17-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-12-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-13-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-6-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-15-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-16-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-7-0x0000000000ED0000-0x0000000000ED1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4708-18-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-19-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-20-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-21-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-22-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-23-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-24-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download

      • memory/4708-25-0x0000000000400000-0x00000000004AA200-memory.dmp

        Filesize

        680KB

        Download