0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 18:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
Size

48KB
MD5

51fd1daddbddccd1199e34530379e64e
SHA1

2a8965f0eaad5673637c863f683cdb84a927adc9
SHA256

0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198
SHA512

9c67073176a292c45b3f49380e9e6494898e35edf6463d57de5e466b7083b463da0e90f33b338831de5a249f51430924752479c2511f015a3a0cf1ee45a34ac2
SSDEEP

768:W7BlphA7pARFbhL801VvM801Vvv7cY9xTMaa1xTMaav:W7ZhA7pApw03vR03v4Y9xha1xhav

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3697) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\DenySuspend.xla.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Mozilla Firefox\postSigningData.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\JSByteCodeWin.bin.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Windows Mail\it-IT\msoeres.dll.mui.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yakutat.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\settings.js.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe

C:\Users\Admin\AppData\Local\Temp\0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe
"C:\Users\Admin\AppData\Local\Temp\0cabd6384abe1d46159d6a37c893d0d7c4e0625ced21659d7293e8aceacad198.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
49KB

MD5
1b0225c90718547534787ebc411bad60

SHA1
9722f3a506c156d228907bf988913ffea88b1802

SHA256
4cbd66e633cae945786b1772bd2d6f0bcd9df179db954d05adc7e1359345a4df

SHA512
8d0c4a26fe77f38a247b401eb5a6a5658590a14840f700976420fbc143544d2c6d6b0d3a1f0c820e8c65bfb743343bec849a474bff60027bbb43db6fb4001978

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
e4e9f3436bab9bc4106d4b05bc69ad3a

SHA1
e8a55d42f96171baf258424ba7db92906990d0c1

SHA256
017e84982b65a3251f7fd04f8541f3c5df93a4be011d7d5c168882086b2d2639

SHA512
95b672f7b90df21dd6aaa03fdc3611035b46b4bebaa4a373279da051fb03a69cf9392e749ecae9310eed4e45f4c3599373a337e5263558931430768159d53514

Download Submit