Overview

overview

7

Static

static

3

7fd8793943...2f.exe

windows7-x64

7

7fd8793943...2f.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    6s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/01/2024, 12:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7fd879394351cc247185c7c3537af62f.exe

  • Size

    264KB

  • MD5

    7fd879394351cc247185c7c3537af62f

  • SHA1

    eece0bc50165b20f18387ce2d90a5596e61b5784

  • SHA256

    e2aa2aaeef264369a30de21905df03a6bea2134be3c6bb63815c8305beb7973c

  • SHA512

    5bc65f4a411131ac22db044fff9fd0f016a3d00e8e634627c9c964d1e0026a9d269fd84717a17a817a03a2d0d9f985a4f17e499ab850040a769f41b7fb5d155c

  • SSDEEP

    6144:t43E/UxShGkwrKhiuFHMQsgnHnTrMvyGkDVH86+ZlE:yGUxSNwrKhrH5nH3GxZK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 5 IoCs
  • Modifies registry class 34 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7fd879394351cc247185c7c3537af62f.exe
    "C:\Users\Admin\AppData\Local\Temp\7fd879394351cc247185c7c3537af62f.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Windows\SysWOW64\net.exe
      net stop McShield
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2320
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop McShield
        3⤵
          PID:3044
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ieflux.exe_deleteme.bat
        2⤵
          PID:2816
      • C:\Windows\ime\winupgrade.exe
        C:\Windows\ime\winupgrade.exe
        1⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        • Modifies data under HKEY_USERS
        • Modifies registry class
        PID:2164

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ieflux.exe_deleteme.bat
        Filesize

        64B

        MD5

        bfcaeabfbce998e551827934f9cab4ad

        SHA1

        3a91d41d9d42b737bdb82f59b3867d3b4ef27035

        SHA256

        1813f05035373247df14aeb946d7a38183cd78e9d6ed1f637b45eaff537b382a

        SHA512

        5a393fc6e5cd0004b8c559b5dbbbc6903c4df29e27df3a4fe26bb8ad40b860f51d10152d7ebf002de6772448411edf3838626c34ce5d2265aa6a9703809831db

        Download Submit

      • C:\Windows\IME\winupgrade.exe
        Filesize

        438KB

        MD5

        61f6616249dcd05447dfd44d8aeb20cb

        SHA1

        da03d83eb96281395c7779297e2a45ce4635a8db

        SHA256

        3b071d347a89c6ddaa3f183bbc2bda404c3631def2b0a3ee513b0e18d9faf307

        SHA512

        3fa3eddf68003d496fbbcf2cf59d1d92faaa6680f9b18c6a49d6a709a3c930cc48fc5001f94c26db92b0c09c73fcb5f685b5d08cad7f2632bb0e45a85c3ce7dd

        Download Submit

      • memory/2164-4-0x0000000000400000-0x0000000000474200-memory.dmp

        Filesize

        464KB

        Download

      • memory/2164-5-0x0000000000360000-0x0000000000361000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2164-15-0x0000000000400000-0x0000000000474200-memory.dmp

        Filesize

        464KB

        Download

      • memory/2164-16-0x0000000000400000-0x0000000000474200-memory.dmp

        Filesize

        464KB

        Download

      • memory/2164-17-0x0000000000400000-0x0000000000474200-memory.dmp

        Filesize

        464KB

        Download

      • memory/2164-18-0x0000000000400000-0x0000000000474200-memory.dmp

        Filesize

        464KB

        Download

      • memory/3020-0-0x0000000000400000-0x00000000004CF000-memory.dmp

        Filesize

        828KB

        Download

      • memory/3020-13-0x0000000000400000-0x00000000004CF000-memory.dmp

        Filesize

        828KB

        Download