a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
Size

53KB
MD5

1ffeab1f65bc0d8a72f7edb415be1d34
SHA1

b14371bb404e4175a83ef47af3b4ad5c72d2443b
SHA256

a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54
SHA512

e2831c6175da790c17998f7a983135e9183b44a061dda2cb685b56376992da0c591a02c60e28ad1ce9c4a435dd231aa276021a6cac6e191ea0f792e4067153e8
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOd+QRA88O1ggi1x+88O1ggi1x8:W7ZhA7pApM21LOA1LOTRAsWysWQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3697) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.swf.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search.api.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\js\calendar.js.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_2.jtp.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\settings.js.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Real.mpp.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Mail\es-ES\msoeres.dll.mui.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_10_p010_plugin.dll.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Journal\InkSeg.dll.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe

C:\Users\Admin\AppData\Local\Temp\a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe
"C:\Users\Admin\AppData\Local\Temp\a8d1cace4978ea0d85fcb2ba910c8f5c9462ffda1fea59b7e700da0270e68a54.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

Filesize
54KB

MD5
bc10ad8c91ba6603d9bd21f4622429d7

SHA1
7e72be4989f6c78037b5e4c0bc1979f1da84f26e

SHA256
a1d5c2f654696e0905dd870462ea20791b97f5da2945bcafc66ef4d4260aa770

SHA512
2338a6898c2ad43fe02cf6355dd6fa4611c72677f02c3171760f1942b244ab17dc6445b5be74bf39f5d2997e8bc19d44dcac7f79864921902c2ca45a403ec76a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
04eb24864d298e72139b21bba0ee72d2

SHA1
448c5de4642789848ac4c53e898f18b2834a3cc4

SHA256
048c8911da9132b2446da3db74d490f9a8a391721b664bf8db909040efa5e71f

SHA512
6722b3826728cd945599bdf0440e4cf9c2e4465a0dadb16b991695683c7d491f790267a84b5c6bb15248efa112a701e11d0e68c2bfbd23ae0ab3d6a24f7348c9

Download Submit