Overview

overview

6

Static

static

3

2179d2e2fe...JC.exe

windows7-x64

6

2179d2e2fe...JC.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    10/10/2023, 21:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2179d2e2fe043348627bfcd8bcc57b55_JC.exe

  • Size

    1.5MB

  • MD5

    2179d2e2fe043348627bfcd8bcc57b55

  • SHA1

    686c86a9f710e6af022f7337f73c8cc44d10891b

  • SHA256

    a15f1b4d01664bf77866a27c5d3a6f99fa808f0699f101bb402060a5c3ea3f31

  • SHA512

    d8a03af1cbe8db25afef4c8791ee8fc5895d91a305587f4f558f69886093086415c4a7b8a6f4598ba0280ceef3a4fb53d6dca86bcde2fa06720d45d93a76c15e

  • SSDEEP

    6144:l1/lKgzelZNQSBQGH/CSpWqTVmQ0ueF/mNyB:lcfBQGH6SfsQJCB

Score
6/10
ransomware

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 10 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2179d2e2fe043348627bfcd8bcc57b55_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2179d2e2fe043348627bfcd8bcc57b55_JC.exe"
    1⤵
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:1772
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 968
      2⤵
      • Program crash
      PID:1484

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\7-Zip\7z.cab
          Filesize

          458KB

          MD5

          619f7135621b50fd1900ff24aade1524

          SHA1

          6c7ea8bbd435163ae3945cbef30ef6b9872a4591

          SHA256

          344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

          SHA512

          2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

          Download Submit

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          285KB

          MD5

          0c94e7bbb5b6aa4121cd3df06bc0dd87

          SHA1

          50ec35be938a22966f9b5451481f452c5cae28c5

          SHA256

          2dd12bf970a61a7a009ff7ce6cc8a7c612987297f22f42d870117961c944f822

          SHA512

          349efa08579fcae16dda438114c1c58f23c9de9c55bce689aecc09fc4c047d9a0eae15ecffda9798d1b62ed64de4aa96053bdd4890f202d6980915646ece1000

          Download Submit

        • C:\Program Files\7-Zip\7zFM.cab
          Filesize

          847KB

          MD5

          c8f40f25f783a52262bdaedeb5555427

          SHA1

          e45e198607c8d7398745baa71780e3e7a2f6deca

          SHA256

          e81b44ee7381ae3b630488b6fb7e3d9ffbdd9ac3032181d4ccaaff3409b57316

          SHA512

          f5944743f54028eb1dd0f2d68468726b177d33185324da0da96cdd20768bab4ca2e507ae9157b2733fd6240c920b7e15a5f5b9f284ee09d0fd385fc895b97191

          Download Submit

        • C:\Program Files\7-Zip\7zFM.exe
          Filesize

          1.5MB

          MD5

          a7f06f141cdab30972958ba56923c181

          SHA1

          94074aea081180b2274053d3d0e801314d674e78

          SHA256

          4701cc699a5832c7138fcd2cf5dd0dd8d40006244a2f8f3340c4b584f5f01d01

          SHA512

          793f60324c519135936b9f7b1f1aadd7b9e744afb33a430dc0651c1283885d18eb2c4e58242f95e48342b982cac8b7028842d35f5669d4d792e9f8546e2731a6

          Download Submit

        • C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
          Filesize

          326KB

          MD5

          1892e0f0e29cc098b349f318f670a8cb

          SHA1

          615d53956a245727e358763e2a3460aeadef97a8

          SHA256

          0566555ba2d1adf0b376a5cfaf6e9b9d184ba86fa0662e4f0ea4fd9d6e84af18

          SHA512

          513e1e824fabb481ee8d0a684d1ad489670b7ecd90dada48fca8c20b77b0f307056811aa49f27361c4eb53c2ebaac2a5baab5a9052d575711e5cebf259808403

          Download Submit

        • C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.cab
          Filesize

          118KB

          MD5

          f45a7db6aec433fd579774dfdb3eaa89

          SHA1

          2f8773cc2b720143776a0909d19b98c4954b39cc

          SHA256

          2bc2372cfabd26933bc4012046e66a5d2efc9554c0835d1a0aa012d3bd1a6f9a

          SHA512

          03a4b7c53373ff6308a0292bb84981dc1566923e93669bbb11cb03d9f58a8d477a1a2399aac5059f477bbf1cf14b17817d208bc7c496b8675ece83cdabec5662

          Download Submit

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.cab
          Filesize

          1.6MB

          MD5

          527e039ba9add8a7fac3a6bc30a6d476

          SHA1

          729a329265eda72cada039c1941e7c672addfc19

          SHA256

          4b8a72fc81b733ed2e6e70d4c5401f954002783dbf14927849ad579860780b94

          SHA512

          9e73e14e33a5f07a87e9c1fecfdaee09d1408471052aacfde3d1e877dad4d253b525ebefca6bddabc23cf81d8dcce0785aedcc2f135d171ecbb1feaeb922c449

          Download Submit

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
          Filesize

          1.5MB

          MD5

          50cdf3ec72ac88e2a64343a19a7ba52b

          SHA1

          cb491c555fb244145cd4c3b0af857d753ce253bd

          SHA256

          1f8ff4a5d2fb8a33eeab9c0ac37d6b5d0937db0cf94cd95380be937cd107cb0c

          SHA512

          f23ec842f6774b0fb869eff14209d9dca220b70c4810553a0208f7e8b8703e99d01c594f1ae56cc391c23dabf09ae4ae98686e2395a27d834257b25a1ef134f7

          Download Submit

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.cab
          Filesize

          1.6MB

          MD5

          ec6386b63c3a5ffe0577905e94262c3a

          SHA1

          8f8c428d0e7f32c9d733ca28384ded413a060588

          SHA256

          302c968ab3e1227d54df4e72f39088d7483d25eeb3037f0b16bc39cef2728fa4

          SHA512

          ddbefb759858493de1f9d7addc6ff4488c8be3164374e0a88c3cbe97751510005dfe6d91c5499fcbdc35aa33a8eda2d45591a66e54ab9462277dc833faef77c3

          Download Submit

        • C:\Program Files\Google\Chrome\Application\RCX4538.tmp
          Filesize

          384KB

          MD5

          40be5d2a1c3b23ce062c8604c2289bd5

          SHA1

          f09baa2c0ff82ddb62d8525472a03b86ff6b0091

          SHA256

          ae55d2c382076acd790a7f5eb2087b1ddb2e1b84bb8902d720b7cab3c2895b3f

          SHA512

          6a23ba39eefe94071030903ada5d38cb1c880e659449a4057695600df15e24ea48a1dffe1b0ead3e605b31bca5bf3ab6e9dafbac8598b6ad19465f04b1f1a1f8

          Download Submit

        • C:\Program Files\Google\Chrome\Application\chrome.cab
          Filesize

          2.8MB

          MD5

          095092f4e746810c5829038d48afd55a

          SHA1

          246eb3d41194dddc826049bbafeb6fc522ec044a

          SHA256

          2f606012843d144610dc7be55d1716d5d106cbc6acbce57561dc0e62c38b8588

          SHA512

          7f36fc03bfed0f3cf6ac3406c819993bf995e4f8c26a7589e9032c14b5a9c7048f5567f77b3b15f946c5282fc0be6308a92eab7879332d74c400d0c139ce8400

          Download Submit

        • C:\Program Files\Google\Chrome\Application\chrome.exe
          Filesize

          405KB

          MD5

          8be0a1d3772c5cbfe083c6e7e7b01829

          SHA1

          e4013de7491d8346e18071c51b186002f2bb424d

          SHA256

          8b8327b2b7af6b31d13194da723f10d261fbd75f681085ee21c7588d33839d0e

          SHA512

          a46c4fd3427329c8dcd55994bf54e62a7a060163eefa77555cd9925827a2f2e97759cb1f9b38f971f33dc6c54ff6f81fb1791274a3de4f671244a356a823b765

          Download Submit

        • C:\Program Files\Google\Chrome\Application\chrome_proxy.cab
          Filesize

          1020KB

          MD5

          b65d7344b0a7faa207d2e1a7adaafb60

          SHA1

          755ad15b1745b0e730d658d4a92e2b754425b7db

          SHA256

          f4b91fbbcba8a46eefe4965e4a24c6ede3decbd1fec96e141a1953173efd1c92

          SHA512

          f17ac73c2df7c73a31b11ce0f533d6db91bdb0cdeea653dcd52ac72c3cf28da0c236b79586ddc7a6c825fdd171290722f888465e776f12ac2cae75be82726b22

          Download Submit

        • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Filesize

          423KB

          MD5

          2ded717cc032a1105acf82a8e7d66f5b

          SHA1

          0ce9a503044d767829d85ffd78d87be49459931d

          SHA256

          0019fbc76be3a655af1ac729c10db99eca995fafce0721c6e2590de86a5fc06d

          SHA512

          917a3d6b3d798a1ba194f8d37e02de3e88f03fbacd3e7ebbb9415dbeb930a35c1a3695c8e8736d8b4e5afbd69ca9415224308618ecce05fc152370b3a514332e

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
          Filesize

          135KB

          MD5

          0d472c9720e55e9c249207de6c69722c

          SHA1

          7244426a440a268cb37b49005812b8f20f052776

          SHA256

          bc1d3cfb69f97bc930af3af7be8601e60eb1cc78516aa844e41c65e51c316de3

          SHA512

          f77bf33604691e0f21f1f3548187153495aad5cd5beb80b409ff50c71502e5303ddb7d64b652edc5b4177bf88e8cee0df914f91b9532b9b1116af32050291cca

          Download Submit

        • memory/1772-0-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

          Download

        • memory/1772-234-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

          Download