2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
Size

40KB
MD5

8a7f01a2e0fcf9aae14b2c2a738c69b5
SHA1

5bdb24fb1a5f7e63e1104022cfdcc0b0b0a8baaf
SHA256

2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e
SHA512

7f28d3bd55d3d18863d4ae052ffd79bc53b8d46dc4d25bbba0151bcf46a26ba62182b1ed50d5233b4dbff711e1c8e20825664eba79fb6ad3d0749d39ff29abe0
SSDEEP

768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJWX0kXX0k2GsG+:W7ZppApkGpv

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3754) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\hxdsui.dll.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Windows Mail\en-US\WinMail.exe.mui.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Mozilla Firefox\libEGL.dll.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Araguaina.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png.tmp	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe

C:\Users\Admin\AppData\Local\Temp\2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe
"C:\Users\Admin\AppData\Local\Temp\2cba9cff29c0e1e32c3acfdeae79fb21434536d3c955bac29992fafc9e446c6e.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
40KB

MD5
765d8fd49154953ab10467b6a56d7b02

SHA1
7966729464c676de3ad681e2e81df6889fc93a11

SHA256
3e75de461d9b2455fc7b723abb4837304bbc8a2981d0f7c1a33d428c0a77c97c

SHA512
8582a4b34208dcdf482164d68b6c151f59fead4358af0ec3d2186560b15f0e315efbda39f332ebb496e24a9d534b9955cd27ba96ae3564e57b7cda6cdfdc8c76

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
1c670b98de60b6208bee9e84f9e1fa26

SHA1
782884c9c7404ec5ed1340e3d4f9eec9924501b0

SHA256
cbf801eafd9b66dcb53f6c2f6bf7bb3d3db935b3967651ab03409f4457e3a697

SHA512
16e603e2d3876b0a4160059b39fe2d0c6f6e83a0fdfe5d59dc75005c9f4d9c3d5784c136839d030b54c495099eac0ee61e4b1862c28c013f265660706e2c7dff

Download Submit