.NMCRYPT Files Ransomware Virus – How to Remove + Restore Data
Tags
country: Australia Netherlands Germany France Greece India Italy Spain Poland Portugal United Kingdom United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Email Account - T1087.003 Login Items - T1547.015 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Sharepoint - T1213.002 Software - T1592.002 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID 13ed0e4f-bb76-4f5a-a7ab-abbdb4fb53c3
Fingerprint 222ba4b4ee7aec0
Analysis status DONE
Considered CTI value -2
Text language
Published April 16, 2018, 1:28 p.m.
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline .NMCRYPT Files Ransomware Virus – How to Remove + Restore Data
Title .NMCRYPT Files Ransomware Virus – How to Remove + Restore Data
Detected Hints/Tags/Attributes 97/3/32
Source URLs
Redirection Url
Details Source https://sensorstechforum.com/nmcrypt-files-ransomware-virus-remove-restore-data/
URL Provider
Details Provider Source level domain
Details sensorstechforum.com sensorstechforum.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
owow32ww.cab
Details Domain 1 
propsww.cab
Details Domain 1 
propsww2.cab
Details Domain 38 
ntdetect.com
Details Domain 544 
sensorstechforum.com
Details File 17 
files.html
Details File 1122 
svchost.exe
Details File 17 
scvhost.exe
Details File 41 
svhost.exe
Details File 345 
vssadmin.exe
Details File 118 
sc.exe
Details File 48 
net1.exe
Details File 2126 
cmd.exe
Details File 95 
wevtutil.exe
Details File 1 
proplusww.xml
Details File 1 
owow32ww.cab
Details File 1 
propsww.cab
Details File 1 
office32ww.xml
Details File 1 
propsww2.cab
Details File 12 
rsaenh.dll
Details File 240 
wmic.exe
Details File 1 
vssadin.exe
Details File 64 
config.sys
Details File 38 
io.sys
Details File 16 
msdos.sys
Details File 193 
ntuser.dat
Details File 3 
yako.html
Details sha256 1 
e192995a42b91bd86aa0c5fe5d4e4aaff1b921bdb10946b1ea67565b5d3164da
Details Windows Registry Key 493 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 582 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 470 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Details Windows Registry Key 480 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce