342e556bfc8286ad0c81fc6feeacde3adc1b5092cac400191c0af15eadaa1f7e

Analysis

max time kernel
152s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 01:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b5cc05102775281c6ea7d2ff297432b3_JC.exe
Size

1.5MB
MD5

b5cc05102775281c6ea7d2ff297432b3
SHA1

3989274525fa331cabff72eb8d07bc41923780a8
SHA256

342e556bfc8286ad0c81fc6feeacde3adc1b5092cac400191c0af15eadaa1f7e
SHA512

91a532eb79080abcb0cacd167173d815947ad5346c81b5ada4bf6fcfbca9865750b50e4b7c9e57c3c5bf6702f596ab2d4213bad945498af8702753fb7e9c8e11
SSDEEP

3072:+7vHbtGXRvjxCb5NgXDY7uSK4aqTB3RtbfuDUc0gmQD:2clKgzeYqTYmQ

Score

6^/10

ransomware

Malware Config

Signatures

Enumerates connected drives 3 TTPs 10 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened (read-only)	\??\K:	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened (read-only)	\??\L:	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened (read-only)	\??\M:	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened (read-only)	\??\N:	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened (read-only)	\??\O:	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened (read-only)	\??\G:	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened (read-only)	\??\H:	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened (read-only)	\??\I:	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened (read-only)	\??\J:	b5cc05102775281c6ea7d2ff297432b3_JC.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg"	b5cc05102775281c6ea7d2ff297432b3_JC.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX52B7.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX5176.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX5319.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\7-Zip\RCX4FD7.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\7-Zip\7zFM.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX5175.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX5378.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\7-Zip\RCX4F39.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX5317.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\DVD Maker\DVDMaker.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX519C.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\DVD Maker\DVDMaker.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX5188.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX5318.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\7-Zip\7zFM.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\RCX50E6.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\7-Zip\RCX4FE7.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\7-Zip\RCX4FF8.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\mip.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX5189.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX519D.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX5165.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\7-Zip\RCX4F49.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\7-Zip\RCX4FF9.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.cab	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX5379.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX52B8.tmp	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	b5cc05102775281c6ea7d2ff297432b3_JC.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\windows\readme.1xt	b5cc05102775281c6ea7d2ff297432b3_JC.exe
File created	C:\windows\WallPapers.jpg	b5cc05102775281c6ea7d2ff297432b3_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1968	2204	WerFault.exe	13

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Desktop\General	b5cc05102775281c6ea7d2ff297432b3_JC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\windows\\WallPapers.jpg"	b5cc05102775281c6ea7d2ff297432b3_JC.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1968	2204	b5cc05102775281c6ea7d2ff297432b3_JC.exe	28
PID 2204 wrote to memory of 1968	2204	b5cc05102775281c6ea7d2ff297432b3_JC.exe	28
PID 2204 wrote to memory of 1968	2204	b5cc05102775281c6ea7d2ff297432b3_JC.exe	28
PID 2204 wrote to memory of 1968	2204	b5cc05102775281c6ea7d2ff297432b3_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\b5cc05102775281c6ea7d2ff297432b3_JC.exe
"C:\Users\Admin\AppData\Local\Temp\b5cc05102775281c6ea7d2ff297432b3_JC.exe"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 976
  2⤵
  - Program crash
  PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.cab

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.5MB

MD5
cf57b9ed3cc9e4ebe39596e411ba3694

SHA1
9e33ba2737279d9a2bab4e0c57bdc7d6bbd3939e

SHA256
f9dcbb74f8f39fbfe233555a8d9893165731a81c427ec94db41ce0c86da23318

SHA512
35c53e75639aaace8a4f8e9917955dd13239b1bcf4af5660543285001a5a7cc4b7140771a4e0abb30ba48b423276e1f836d372a1637e39d732db773105aaee2b

Download Submit
C:\Program Files\7-Zip\7zFM.cab

Filesize
847KB

MD5
c8f40f25f783a52262bdaedeb5555427

SHA1
e45e198607c8d7398745baa71780e3e7a2f6deca

SHA256
e81b44ee7381ae3b630488b6fb7e3d9ffbdd9ac3032181d4ccaaff3409b57316

SHA512
f5944743f54028eb1dd0f2d68468726b177d33185324da0da96cdd20768bab4ca2e507ae9157b2733fd6240c920b7e15a5f5b9f284ee09d0fd385fc895b97191

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
236KB

MD5
507a8ee38986b69519d6927df430af4c

SHA1
dd987f0a8c84decfb457b24eaa198dc581d3bd96

SHA256
2b0667b463a99b7fadca55af3fe1cd75e82733179c9a1b5c062f3f5ec52b036e

SHA512
ad01a78667882b441877d72d6f63e1649308b38d655132af223a346ccd0f3c3b5918c48a8b81a239e23c6eecde55d7ea6ad5aabba3b51d28b763be10e7b3027c

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.cab

Filesize
118KB

MD5
f45a7db6aec433fd579774dfdb3eaa89

SHA1
2f8773cc2b720143776a0909d19b98c4954b39cc

SHA256
2bc2372cfabd26933bc4012046e66a5d2efc9554c0835d1a0aa012d3bd1a6f9a

SHA512
03a4b7c53373ff6308a0292bb84981dc1566923e93669bbb11cb03d9f58a8d477a1a2399aac5059f477bbf1cf14b17817d208bc7c496b8675ece83cdabec5662

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.cab

Filesize
1.6MB

MD5
527e039ba9add8a7fac3a6bc30a6d476

SHA1
729a329265eda72cada039c1941e7c672addfc19

SHA256
4b8a72fc81b733ed2e6e70d4c5401f954002783dbf14927849ad579860780b94

SHA512
9e73e14e33a5f07a87e9c1fecfdaee09d1408471052aacfde3d1e877dad4d253b525ebefca6bddabc23cf81d8dcce0785aedcc2f135d171ecbb1feaeb922c449

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
1.5MB

MD5
9bcda5c036d1f224d4e3525842a57f05

SHA1
bd30d024e058f2f4471d76e6297b7b01beddc3b7

SHA256
a77771a749177ef890a0be187e15e7336af6dac93758dbad89fb078622070089

SHA512
307703cbbde4d7a8b74c442a9831b6a217e4f5a6dc955491fa968034c2728d81b7f932b643165047ea3b45441048c3e78020c12e606b0be625e53f28b2e3c4c0

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.cab

Filesize
1.6MB

MD5
ec6386b63c3a5ffe0577905e94262c3a

SHA1
8f8c428d0e7f32c9d733ca28384ded413a060588

SHA256
302c968ab3e1227d54df4e72f39088d7483d25eeb3037f0b16bc39cef2728fa4

SHA512
ddbefb759858493de1f9d7addc6ff4488c8be3164374e0a88c3cbe97751510005dfe6d91c5499fcbdc35aa33a8eda2d45591a66e54ab9462277dc833faef77c3

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.cab

Filesize
2.8MB

MD5
095092f4e746810c5829038d48afd55a

SHA1
246eb3d41194dddc826049bbafeb6fc522ec044a

SHA256
2f606012843d144610dc7be55d1716d5d106cbc6acbce57561dc0e62c38b8588

SHA512
7f36fc03bfed0f3cf6ac3406c819993bf995e4f8c26a7589e9032c14b5a9c7048f5567f77b3b15f946c5282fc0be6308a92eab7879332d74c400d0c139ce8400

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.exe

Filesize
1.5MB

MD5
20d00d77d6fade1317f58445a2f21838

SHA1
73bbde72532b0baf757a892a160a5c647664b24d

SHA256
dcea5c46307a08ebdcd359a9dd7d92ee447975272a00b1be1e07e49c767832c4

SHA512
2f34c61d67a4886149ed8670e2f456e4d1aa817bc65531241ba3887fad959d10ebefcd4b23de8a05d310ee6779d010380e970d7efc6c48e093a5da924b00b9cc

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.cab

Filesize
1020KB

MD5
b65d7344b0a7faa207d2e1a7adaafb60

SHA1
755ad15b1745b0e730d658d4a92e2b754425b7db

SHA256
f4b91fbbcba8a46eefe4965e4a24c6ede3decbd1fec96e141a1953173efd1c92

SHA512
f17ac73c2df7c73a31b11ce0f533d6db91bdb0cdeea653dcd52ac72c3cf28da0c236b79586ddc7a6c825fdd171290722f888465e776f12ac2cae75be82726b22

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Filesize
135KB

MD5
e55a6b3e8e165e589d1d00af488242d1

SHA1
fcdc9016b22f06b5232af1cc1c0cdf95424a3405

SHA256
177dd9114b30dcbc2628a50de5b700dca77a5059b78d513a0adf4b0dafcd9d92

SHA512
b303783193b04587de8d6d58b678416b66efcc9bfef1a4857d3c6d105c4709c65ffc37313cff2ed1a0ebdc2fa050ea826955b8053e311a11a05c2b319990a1a3

Download Submit
memory/2204-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2204-238-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads