9033d83ccbc5e29e9c3a75566c4ba04f48c21dbbe5c8af02faa72f8e82fd631a

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-09-2024 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cade529bfc3e8b8809c1820fcaf29d0N.exe
Size

48KB
MD5

8cade529bfc3e8b8809c1820fcaf29d0
SHA1

ad94d773212194744f19fe520981e4b452470f3c
SHA256

9033d83ccbc5e29e9c3a75566c4ba04f48c21dbbe5c8af02faa72f8e82fd631a
SHA512

b62a264a6d0e0e7281d6b3fc6e6c286736ff4233ad6c7067f664ddcf6f2c8cba102676c80ad8c186b36d2b5506c75e7d8c9017ae80ce2e06ce7897ebfba09fbc
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOd+QRI7c7x6p:W7ZhA7pApM21LOA1LOTRcwx6p

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3445) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libchain_plugin.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\InvokePush.pub.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\GrantDismount.wdp.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libtdummy_plugin.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libinvert_plugin.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	8cade529bfc3e8b8809c1820fcaf29d0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8cade529bfc3e8b8809c1820fcaf29d0N.exe

C:\Users\Admin\AppData\Local\Temp\8cade529bfc3e8b8809c1820fcaf29d0N.exe
"C:\Users\Admin\AppData\Local\Temp\8cade529bfc3e8b8809c1820fcaf29d0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
48KB

MD5
a8e46ae6a9fd9b26efdfec83e9d9ce6b

SHA1
33dfdbe384dace335e351fab773f4ab4798b36d9

SHA256
e0398a769271781e345390f0c2c17566c7de512d0ec49e914e47fa262a0ba60a

SHA512
5d8258d61a737d0638fec345dd04443aae21ccf1c8e0d93de1a4fb9416976dff4c68700bc5b888ad948ff49eaaaaf49e186f14e142676055351d5ecd4782755b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
955e10b02dfb70487b9e426ff912173a

SHA1
6adf2a69793eff3b6312ab89e89a288765e1d80c

SHA256
362030364246fc4877bc4b5456f2fce2fe8d038bd6c986d8dbb3cd9124d321d3

SHA512
9335fb1444e467b74c4458599e8a1a6527d196dcdb80bc1fba5af3827af78c0664f73b96cce27fd7c22c185e9cf30f75122edbd7ac35c98f603a7ab1211c101a

Download Submit