a15f1b4d01664bf77866a27c5d3a6f99fa808f0699f101bb402060a5c3ea3f31

General

Target

2179d2e2fe043348627bfcd8bcc57b55_JC.exe
Size

1.5MB
MD5

2179d2e2fe043348627bfcd8bcc57b55
SHA1

686c86a9f710e6af022f7337f73c8cc44d10891b
SHA256

a15f1b4d01664bf77866a27c5d3a6f99fa808f0699f101bb402060a5c3ea3f31
SHA512

d8a03af1cbe8db25afef4c8791ee8fc5895d91a305587f4f558f69886093086415c4a7b8a6f4598ba0280ceef3a4fb53d6dca86bcde2fa06720d45d93a76c15e
SSDEEP

6144:l1/lKgzelZNQSBQGH/CSpWqTVmQ0ueF/mNyB:lcfBQGH6SfsQJCB

Score

6^/10

ransomware

Malware Config

Signatures

Enumerates connected drives 3 TTPs 10 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened (read-only)	\??\G:	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened (read-only)	\??\I:	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened (read-only)	\??\J:	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened (read-only)	\??\M:	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened (read-only)	\??\N:	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened (read-only)	\??\H:	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened (read-only)	\??\K:	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened (read-only)	\??\L:	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened (read-only)	\??\O:	2179d2e2fe043348627bfcd8bcc57b55_JC.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\Desktop\Wallpaper = "C:\\windows\\WallPapers.jpg"	2179d2e2fe043348627bfcd8bcc57b55_JC.exe

Drops file in Program Files directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\7zFM.cab	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File created	C:\Program Files\7-Zip\7zFM.exe	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\7-Zip\RCX59F7.tmp	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX5A46.tmp	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File created	C:\Program Files\7-Zip\7z.cab	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\7-Zip\7z.cab	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\7-Zip\RCX59E7.tmp	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File created	C:\Program Files\readme.1xt	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File created	C:\Program Files\7-Zip\7z.exe	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\7-Zip\RCX5986.tmp	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File created	C:\Program Files\7-Zip\7zFM.cab	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\7-Zip\RCX59B6.tmp	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\7-Zip\RCX59B7.tmp	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\7-Zip\RCX5975.tmp	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX5A76.tmp	2179d2e2fe043348627bfcd8bcc57b55_JC.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\windows\readme.1xt	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
File created	C:\windows\WallPapers.jpg	2179d2e2fe043348627bfcd8bcc57b55_JC.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4764	4696	WerFault.exe	18

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Desktop\General	2179d2e2fe043348627bfcd8bcc57b55_JC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\windows\\WallPapers.jpg"	2179d2e2fe043348627bfcd8bcc57b55_JC.exe

C:\Users\Admin\AppData\Local\Temp\2179d2e2fe043348627bfcd8bcc57b55_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2179d2e2fe043348627bfcd8bcc57b55_JC.exe"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
PID:4696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 748
  2⤵
  - Program crash
  PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4696 -ip 4696
1⤵
PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

1

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.cab

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.5MB

MD5
fce11fb1508c6ff84b8ff8e1714886ac

SHA1
004b31dbf4ba95119dbf37b6bff70f1b5a00bb36

SHA256
3d61daee3255534b045879f0ab0aee62f27752203f496ffd27bd28000b452bbb

SHA512
59cc50af346f05a253a7139b048ab448723125ecf67360a8d49f87ac37feeea712372cb1f02ef9124e13cbeec10f3204cac90cf7e0cd7f75dfb11eec64bfafa9

Download Submit
C:\Program Files\7-Zip\7zFM.cab

Filesize
847KB

MD5
c8f40f25f783a52262bdaedeb5555427

SHA1
e45e198607c8d7398745baa71780e3e7a2f6deca

SHA256
e81b44ee7381ae3b630488b6fb7e3d9ffbdd9ac3032181d4ccaaff3409b57316

SHA512
f5944743f54028eb1dd0f2d68468726b177d33185324da0da96cdd20768bab4ca2e507ae9157b2733fd6240c920b7e15a5f5b9f284ee09d0fd385fc895b97191

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX5A46.tmp

Filesize
246KB

MD5
09712ea06275b8926d4f5c4633aaa9a0

SHA1
7e0158cf66d8c7042cb347198d069ba49a8778c9

SHA256
dd8b722215e5aad242866ff7931adcb5f86ad81169083aa78f930cf651780d26

SHA512
8db195480ba89e9c0bc9d218c202bd821f8b8d344f90327832d203454d4051a2e420e2279158d232a093d26096bab895b8881b30055ad8ea02ad6ae807834d02

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab

Filesize
2.1MB

MD5
b8d69fa2755c3ab1f12f8866a8e2a4f7

SHA1
8e3cdfb20e158c2906323ba0094a18c7dd2aaf2d

SHA256
7e0976036431640ae1d9f1c0b52bcea5dd37ef86cd3f5304dc8a96459d9483cd

SHA512
5acac46068b331216978500f67a7fa5257bc5b05133fab6d88280b670ae4885ef2d5d1f531169b66bf1952e082f56b1ad2bc3901479b740f96c53ea405adda18

Download Submit
memory/4696-0-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4696-2-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4696-69-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads