7D1E.exe

General

Target: 7D1E.exe
Size: 823KB
Sample: 210504-e7shvt3z8n
Score: 10/10
MD5: 98aeb8fcd1eae79f983087721305aa9f
SHA1: 87c013f1cd71a20836c5a2ba7f7206ce1fd64a5f
SHA256: 712e9e9e2976782e38288d45a2d177f1dc3757c7610b4b9bae9e35be9f20b913
SHA512: bd470e8e0ec1042cc6cdea479e23aa41ee3698b2c383dbdb32f5333cb734d5bfcb49128be854829c54cd4e1f78c0566387675913d6dd196cc3a9221501419b2e

Malware Config
Targets

Target: 7D1E.exe (823KB, score 10/10; same MD5/SHA1/SHA256/SHA512 as listed under General)
Tags

Signatures

  • Deletes Windows Defender Definitions
    Description: Uses the MpCmdRun utility (MpCmdRun.exe -RemoveDefinitions) to delete all AV definitions.
    TTPs: Command-Line Interface
  • Suspicious use of NtCreateProcessExOtherParentProcess
    Description: A process is created with a parent other than the calling process (parent PID spoofing).
  • Disables Task Manager via registry modification
  • Downloads MZ/PE file
  • Drops file in Drivers directory
  • Executes dropped EXE
  • Loads dropped DLL
  • Modifies file permissions
    TTPs: File Permissions Modification
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry
  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.
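The behaviours in the signature list above, expressed as detection logic run over constructed Sysmon-style events. This is an added example, not code from the sandbox report or its vendor. The event layout, the DisableTaskMgr value under Policies\System, the MpCmdRun -RemoveDefinitions switch, the icacls/cacls/takeown heuristic for permission changes and the list of IP-lookup hostnames are assumptions about how these behaviours surface in host telemetry, not details taken from the report; the sample events (file names, SID, value names) are made up.

```python
import re

# Constructed Sysmon-style events standing in for telemetry from an infected host.
# They are made up for this example, not taken from the sandbox run. Event IDs
# follow Sysmon: 1 process create, 11 file create, 13 registry value set, 22 DNS query.
SAMPLE = r"C:\Users\victim\AppData\Local\Temp\7D1E.exe"
SAMPLE_EVENTS = [
    {"eid": 1, "pid": 4120, "image": SAMPLE, "cmdline": SAMPLE,
     "parent_image": r"C:\Windows\explorer.exe"},
    # MpCmdRun.exe -RemoveDefinitions is Defender's switch for wiping definitions.
    {"eid": 1, "pid": 4188, "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "cmdline": r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All',
     "parent_image": SAMPLE},
    {"eid": 13, "pid": 4120, "image": SAMPLE,
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "details": "DWORD (0x00000001)"},
    {"eid": 13, "pid": 4120, "image": SAMPLE,
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\victim\AppData\Roaming\Updater\updater.exe"},
    {"eid": 11, "pid": 4120, "image": SAMPLE,
     "target": r"C:\Windows\System32\drivers\dropped.sys"},
    {"eid": 1, "pid": 4210, "image": r"C:\Windows\System32\icacls.exe",
     "cmdline": r'icacls "C:\Users\victim\AppData\Roaming\Updater" /deny Everyone:(D,WD) /T',
     "parent_image": SAMPLE},
    {"eid": 22, "pid": 4120, "image": SAMPLE, "query": "api.ipify.org"},
    # Benign noise that must not fire.
    {"eid": 1, "pid": 5000, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe", "parent_image": r"C:\Windows\explorer.exe"},
    {"eid": 13, "pid": 5000, "image": r"C:\Windows\System32\notepad.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Notepad\lfFaceName",
     "details": "Consolas"},
    {"eid": 22, "pid": 5000, "image": r"C:\Windows\System32\notepad.exe",
     "query": "www.microsoft.com"},
]

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DISABLE_TASKMGR_RE = re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I)
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
PERM_TOOLS = {"icacls.exe", "cacls.exe", "takeown.exe"}
# Assumed list of lookup services; the report does not name the one the sample used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me",
                   "checkip.amazonaws.com"}


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def defender_definitions_removed(ev):
    return (ev["eid"] == 1 and _basename(ev["image"]) == "mpcmdrun.exe"
            and "-removedefinitions" in ev["cmdline"].lower())


def task_manager_disabled(ev):
    # Only fire when the value is actually set to 1, not when it is cleared.
    return (ev["eid"] == 13 and bool(DISABLE_TASKMGR_RE.search(ev["target"]))
            and ev["details"].strip().endswith("(0x00000001)"))


def run_key_persistence(ev):
    return ev["eid"] == 13 and bool(RUN_KEY_RE.search(ev["target"]))


def drops_into_drivers_dir(ev):
    return ev["eid"] == 11 and ev["target"].lower().startswith(DRIVERS_DIR)


def modifies_file_permissions(ev):
    return ev["eid"] == 1 and _basename(ev["image"]) in PERM_TOOLS


def external_ip_lookup(ev):
    return ev["eid"] == 22 and ev["query"].lower() in IP_LOOKUP_HOSTS


RULES = {
    "Deletes Windows Defender Definitions": defender_definitions_removed,
    "Disables Task Manager via registry modification": task_manager_disabled,
    "Adds Run key to start application": run_key_persistence,
    "Drops file in Drivers directory": drops_into_drivers_dir,
    "Modifies file permissions": modifies_file_permissions,
    "Looks up external IP address via web service": external_ip_lookup,
}


def run_detections(events):
    """Return [(rule_name, event)] for every rule that matches an event."""
    return [(name, ev) for ev in events for name, rule in RULES.items() if rule(ev)]


def matched_rules(events):
    return sorted({name for name, _ in run_detections(events)})


def _actor(ev):
    # For process-create events the interesting process is the parent that launched the tool.
    return ev["parent_image"] if ev["eid"] == 1 else ev["image"]


def actors_exceeding(events, threshold=3):
    """Processes to which at least `threshold` distinct rules attribute behaviour."""
    by_actor = {}
    for name, ev in run_detections(events):
        by_actor.setdefault(_actor(ev), set()).add(name)
    return sorted(a for a, names in by_actor.items() if len(names) >= threshold)


if __name__ == "__main__":
    for name, ev in run_detections(SAMPLE_EVENTS):
        print(f"[{name}] eid={ev['eid']} pid={ev['pid']}")
    print("actors over threshold:", actors_exceeding(SAMPLE_EVENTS))
```

Each rule on its own is noisy (Run key writes and icacls are routine for installers), which is why the last function aggregates by the acting process: a single image that trips several unrelated rules is the signal worth alerting on, mirroring how the sandbox reaches its 10/10 from the combination rather than any one signature.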

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10