Analysis

  • max time kernel
    149s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/07/2023, 16:55

General

  • Target

    7990f6fefa188d_JC.exe

  • Size

    2.4MB

  • MD5

    7990f6fefa188d9673dea961222a7dc1

  • SHA1

    e871afcd57ec0960fa87c5de1fab94a831311ceb

  • SHA256

    f19d2394583f6cace56543f7220620b0ea08b1043aafa614e2dff514a2a4b687

  • SHA512

    95d94e047ac8a4c8134098828425d3a6e1297da6348d772764678bc16679f7cb9f4fb608bbc1a61465fb7ed4deac31c5bc277bc970d6211ee318bf8466556bf9

  • SSDEEP

    49152:+mIfQf0D1MsToxyrIYLNiXicJFFRGNzj3:OQf0D11h7wRGpj3

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoCs)

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (1 IoCs)
  • Opens file in notepad (likely ransom note) (1 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: LoadsDriver (1 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7990f6fefa188d_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\7990f6fefa188d_JC.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1452
    • C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\cpuz_driver_1452.log
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:3224

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Temp\cpuz_driver_1452.log

    Filesize

    563B

    MD5

    6c328dbea26729b37353b23703b972ca

    SHA1

    8f022c816ca39f377124961591bf282a2c49de8d

    SHA256

    4af380eed4ce32ed57f3a5338450551bb775b01eef9a81e533cd7c223429e8b3

    SHA512

    4b10299ebf35bce8694283bdb60f429341a10d294be3b7a33cc46555c12b392debfce06ecfa86a84023d01f60a49d7307999df006436b4df0fa8bbe55f57099a

  • C:\Users\Admin\AppData\Local\Temp\cpuz_driver_1452.log

    Filesize

    1KB

    MD5

    e04b572ede8441c504e255287740bf67

    SHA1

    cefe235182d5aaf9c19339745169df056b87cdfc

    SHA256

    81e9ee79bcac3054ee5f15912ca65e7301b26a047dd75c33f74e48662a58cd9f

    SHA512

    3f56c542ccd4f21749a6a7e023fed2cc633cfd16d67e27d8393859cebfb30ba0ca9d180bdd26f673d50506088d78b142ecf96aaecc1ff86dd2e050c21a7c5b56

  • C:\Users\Admin\AppData\Local\Temp\cpuz_driver_1452.log

    Filesize

    1KB

    MD5

    3906ff03f055a45fe368e2d3e9701323

    SHA1

    2d89a42c5e44dce35fa33b20c742fa678355b6c3

    SHA256

    ac2ec5fd112986e4122bc7413168951ae4f3ae730c8f26f8e8bf3be6f6dfc11b

    SHA512

    e75fb4ec98c3214ec581ab9905c12ea812173df11e4f693e483a91480cadef6930fcc4ccada04d290d22e82c21da8e958145843343c141d7cbf9aab6c59cefd1

  • memory/1452-133-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

  • memory/1452-161-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

  • memory/1452-173-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB