Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

2179d2e2fe...JC.exe

windows7-x64

6

2179d2e2fe...JC.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    10/10/2023, 21:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2179d2e2fe043348627bfcd8bcc57b55_JC.exe

  • Size

    1.5MB

  • MD5

    2179d2e2fe043348627bfcd8bcc57b55

  • SHA1

    686c86a9f710e6af022f7337f73c8cc44d10891b

  • SHA256

    a15f1b4d01664bf77866a27c5d3a6f99fa808f0699f101bb402060a5c3ea3f31

  • SHA512

    d8a03af1cbe8db25afef4c8791ee8fc5895d91a305587f4f558f69886093086415c4a7b8a6f4598ba0280ceef3a4fb53d6dca86bcde2fa06720d45d93a76c15e

  • SSDEEP

    6144:l1/lKgzelZNQSBQGH/CSpWqTVmQ0ueF/mNyB:lcfBQGH6SfsQJCB

Score
6/10
ransomware

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 10 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2179d2e2fe043348627bfcd8bcc57b55_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2179d2e2fe043348627bfcd8bcc57b55_JC.exe"
    1⤵
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:1772
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 968
      2⤵
      • Program crash
      PID:1484

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\7-Zip\7z.cab
    Filesize

    458KB

    MD5

    619f7135621b50fd1900ff24aade1524

    SHA1

    6c7ea8bbd435163ae3945cbef30ef6b9872a4591

    SHA256

    344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

    SHA512

    2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

    Download Submit

  • C:\Program Files\7-Zip\7z.exe
    Filesize

    285KB

    MD5

    0c94e7bbb5b6aa4121cd3df06bc0dd87

    SHA1

    50ec35be938a22966f9b5451481f452c5cae28c5

    SHA256

    2dd12bf970a61a7a009ff7ce6cc8a7c612987297f22f42d870117961c944f822

    SHA512

    349efa08579fcae16dda438114c1c58f23c9de9c55bce689aecc09fc4c047d9a0eae15ecffda9798d1b62ed64de4aa96053bdd4890f202d6980915646ece1000

    Download Submit

  • C:\Program Files\7-Zip\7zFM.cab
    Filesize

    847KB

    MD5

    c8f40f25f783a52262bdaedeb5555427

    SHA1

    e45e198607c8d7398745baa71780e3e7a2f6deca

    SHA256

    e81b44ee7381ae3b630488b6fb7e3d9ffbdd9ac3032181d4ccaaff3409b57316

    SHA512

    f5944743f54028eb1dd0f2d68468726b177d33185324da0da96cdd20768bab4ca2e507ae9157b2733fd6240c920b7e15a5f5b9f284ee09d0fd385fc895b97191

    Download Submit

  • C:\Program Files\7-Zip\7zFM.exe
    Filesize

    1.5MB

    MD5

    a7f06f141cdab30972958ba56923c181

    SHA1

    94074aea081180b2274053d3d0e801314d674e78

    SHA256

    4701cc699a5832c7138fcd2cf5dd0dd8d40006244a2f8f3340c4b584f5f01d01

    SHA512

    793f60324c519135936b9f7b1f1aadd7b9e744afb33a430dc0651c1283885d18eb2c4e58242f95e48342b982cac8b7028842d35f5669d4d792e9f8546e2731a6

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    Filesize

    326KB

    MD5

    1892e0f0e29cc098b349f318f670a8cb

    SHA1

    615d53956a245727e358763e2a3460aeadef97a8

    SHA256

    0566555ba2d1adf0b376a5cfaf6e9b9d184ba86fa0662e4f0ea4fd9d6e84af18

    SHA512

    513e1e824fabb481ee8d0a684d1ad489670b7ecd90dada48fca8c20b77b0f307056811aa49f27361c4eb53c2ebaac2a5baab5a9052d575711e5cebf259808403

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.cab
    Filesize

    118KB

    MD5

    f45a7db6aec433fd579774dfdb3eaa89

    SHA1

    2f8773cc2b720143776a0909d19b98c4954b39cc

    SHA256

    2bc2372cfabd26933bc4012046e66a5d2efc9554c0835d1a0aa012d3bd1a6f9a

    SHA512

    03a4b7c53373ff6308a0292bb84981dc1566923e93669bbb11cb03d9f58a8d477a1a2399aac5059f477bbf1cf14b17817d208bc7c496b8675ece83cdabec5662

    Download Submit

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.cab
    Filesize

    1.6MB

    MD5

    527e039ba9add8a7fac3a6bc30a6d476

    SHA1

    729a329265eda72cada039c1941e7c672addfc19

    SHA256

    4b8a72fc81b733ed2e6e70d4c5401f954002783dbf14927849ad579860780b94

    SHA512

    9e73e14e33a5f07a87e9c1fecfdaee09d1408471052aacfde3d1e877dad4d253b525ebefca6bddabc23cf81d8dcce0785aedcc2f135d171ecbb1feaeb922c449

    Download Submit

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
    Filesize

    1.5MB

    MD5

    50cdf3ec72ac88e2a64343a19a7ba52b

    SHA1

    cb491c555fb244145cd4c3b0af857d753ce253bd

    SHA256

    1f8ff4a5d2fb8a33eeab9c0ac37d6b5d0937db0cf94cd95380be937cd107cb0c

    SHA512

    f23ec842f6774b0fb869eff14209d9dca220b70c4810553a0208f7e8b8703e99d01c594f1ae56cc391c23dabf09ae4ae98686e2395a27d834257b25a1ef134f7

    Download Submit

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.cab
    Filesize

    1.6MB

    MD5

    ec6386b63c3a5ffe0577905e94262c3a

    SHA1

    8f8c428d0e7f32c9d733ca28384ded413a060588

    SHA256

    302c968ab3e1227d54df4e72f39088d7483d25eeb3037f0b16bc39cef2728fa4

    SHA512

    ddbefb759858493de1f9d7addc6ff4488c8be3164374e0a88c3cbe97751510005dfe6d91c5499fcbdc35aa33a8eda2d45591a66e54ab9462277dc833faef77c3

    Download Submit

  • C:\Program Files\Google\Chrome\Application\RCX4538.tmp
    Filesize

    384KB

    MD5

    40be5d2a1c3b23ce062c8604c2289bd5

    SHA1

    f09baa2c0ff82ddb62d8525472a03b86ff6b0091

    SHA256

    ae55d2c382076acd790a7f5eb2087b1ddb2e1b84bb8902d720b7cab3c2895b3f

    SHA512

    6a23ba39eefe94071030903ada5d38cb1c880e659449a4057695600df15e24ea48a1dffe1b0ead3e605b31bca5bf3ab6e9dafbac8598b6ad19465f04b1f1a1f8

    Download Submit

  • C:\Program Files\Google\Chrome\Application\chrome.cab
    Filesize

    2.8MB

    MD5

    095092f4e746810c5829038d48afd55a

    SHA1

    246eb3d41194dddc826049bbafeb6fc522ec044a

    SHA256

    2f606012843d144610dc7be55d1716d5d106cbc6acbce57561dc0e62c38b8588

    SHA512

    7f36fc03bfed0f3cf6ac3406c819993bf995e4f8c26a7589e9032c14b5a9c7048f5567f77b3b15f946c5282fc0be6308a92eab7879332d74c400d0c139ce8400

    Download Submit

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    Filesize

    405KB

    MD5

    8be0a1d3772c5cbfe083c6e7e7b01829

    SHA1

    e4013de7491d8346e18071c51b186002f2bb424d

    SHA256

    8b8327b2b7af6b31d13194da723f10d261fbd75f681085ee21c7588d33839d0e

    SHA512

    a46c4fd3427329c8dcd55994bf54e62a7a060163eefa77555cd9925827a2f2e97759cb1f9b38f971f33dc6c54ff6f81fb1791274a3de4f671244a356a823b765

    Download Submit

  • C:\Program Files\Google\Chrome\Application\chrome_proxy.cab
    Filesize

    1020KB

    MD5

    b65d7344b0a7faa207d2e1a7adaafb60

    SHA1

    755ad15b1745b0e730d658d4a92e2b754425b7db

    SHA256

    f4b91fbbcba8a46eefe4965e4a24c6ede3decbd1fec96e141a1953173efd1c92

    SHA512

    f17ac73c2df7c73a31b11ce0f533d6db91bdb0cdeea653dcd52ac72c3cf28da0c236b79586ddc7a6c825fdd171290722f888465e776f12ac2cae75be82726b22

    Download Submit

  • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Filesize

    423KB

    MD5

    2ded717cc032a1105acf82a8e7d66f5b

    SHA1

    0ce9a503044d767829d85ffd78d87be49459931d

    SHA256

    0019fbc76be3a655af1ac729c10db99eca995fafce0721c6e2590de86a5fc06d

    SHA512

    917a3d6b3d798a1ba194f8d37e02de3e88f03fbacd3e7ebbb9415dbeb930a35c1a3695c8e8736d8b4e5afbd69ca9415224308618ecce05fc152370b3a514332e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    Filesize

    135KB

    MD5

    0d472c9720e55e9c249207de6c69722c

    SHA1

    7244426a440a268cb37b49005812b8f20f052776

    SHA256

    bc1d3cfb69f97bc930af3af7be8601e60eb1cc78516aa844e41c65e51c316de3

    SHA512

    f77bf33604691e0f21f1f3548187153495aad5cd5beb80b409ff50c71502e5303ddb7d64b652edc5b4177bf88e8cee0df914f91b9532b9b1116af32050291cca

    Download Submit

  • memory/1772-0-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1772-234-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download