9e1fdd19e82803662c9c166f01d5dc2a0ccd464aafde12316bc8921ea23c2bd9

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04/09/2024, 12:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dabf11d4feaaad7864a85cfb54d6c250N.exe
Size

43KB
MD5

dabf11d4feaaad7864a85cfb54d6c250
SHA1

b40ccc4a1b7a460608ff0a15d210aef3e877ad91
SHA256

9e1fdd19e82803662c9c166f01d5dc2a0ccd464aafde12316bc8921ea23c2bd9
SHA512

a588a3962b234a039e70ca90fd6f4c1a68395e0d1f27268395ae0df2b89b084d9e8396c4a3e1b35ddf30b1ea14670e028eac1d684781ea9dc45257bd28104917
SSDEEP

768:W7Blp2sspARFbh5YSfff9n1oXKCqzEIn1oXKCqzEM86:W7Z2sspAp5YSfffF

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3218) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsFormsIntegration.resources.dll.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	dabf11d4feaaad7864a85cfb54d6c250N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dabf11d4feaaad7864a85cfb54d6c250N.exe

C:\Users\Admin\AppData\Local\Temp\dabf11d4feaaad7864a85cfb54d6c250N.exe
"C:\Users\Admin\AppData\Local\Temp\dabf11d4feaaad7864a85cfb54d6c250N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
43KB

MD5
b771fcee2f18be545f1dce6e662bcf93

SHA1
4f34ab1308a5be6e450f0e9dd8ad8433ec31d36c

SHA256
f43013a17f995b317751ab5f2e12b6f7d2a04dc0e8c97296a41f34f89e7832c3

SHA512
1c1423abd17ef82a174836d5b484aa3a704f1f84ab10d965036e458dd5bdd1eee5f75c9a90a9a573f43a31f0e4b5ee8595d22d6d3f796afb3adc7ce77c3bc9fe

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
38fe8047c3c6c9d476a451282f5421e5

SHA1
1d9efc4f02efb0d74433be3c85d418610c8c58c4

SHA256
f1126e9c7895bf6380cca13fbfa037c2fdd6820d6187d483190db200458aa9c2

SHA512
1930af51a28e27549443a5cb483743e349e90f55fca7aff0d21d854b8395bc5b5e5c5ae72e8110115d99192e86dfe5417ac234c9646d59998b96e9beca53ce96

Download Submit