abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90

Analysis

max time kernel
149s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
Size

55KB
MD5

29d622424fa4b730b8ff41875d70d76c
SHA1

437aae37d5a8d4526cbc671b2667f2c868834151
SHA256

abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90
SHA512

b4c468a4926a427dcdc9f78524bb695de43a9d54977708ed856e8f804b4ea8231d8f464790dd1610b16407b4aeb54a94ca6a2653664d0ebf3eb61c286fc8dc9f
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNKVkVYlIAItCCIntkntV/eazc5azccpp:W7BlpppARFbhFAxC7ntkntV/fo4ocpp

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3709) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\settings.js.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\gadget.xml.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jre7\lib\zi\CET.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\clock.js.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\gadget.xml.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.jpg.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\settings.js.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe

C:\Users\Admin\AppData\Local\Temp\abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
"C:\Users\Admin\AppData\Local\Temp\abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
55KB

MD5
a1152962a4e06ce69c1876936f26e913

SHA1
fb7008619bff44246fe8844ba3892e9d125d73a5

SHA256
9906ed77a973ee9cbb486fe6b0e84ed21360b250ed7156652e2ebadce2ae930a

SHA512
1984b51831fbffeb2fcfce1f3ee4dc8a8df6aa576f6bf5b4fe20f886141d7da18b4f0b66b0e54c7305896f5fa1abfe40f3ab120ca42417ffb35dcd80cfa01dc9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
cc1f79a5dc6f469056cc0452b5589119

SHA1
1c711808af0e34719129a5516d9daeda8c2c3e9b

SHA256
cd114b8be4ed0f4b229c9532c881e2e638eb297442ae70c9ccf9864175d630e2

SHA512
9f1a7174d31d77493fdd3c1869bf2651145cf5b81e408859f773b00d9ee1ef91b38398608890e6f18f4a3a4396d0b5715ccf841257af598192c8b694e1c88abf

Download Submit