Overview

overview

10

Static

static

10

Ransomware...KB.exe

windows10-ltsc_2021-x64

7

Ransomware...KB.exe

windows7-x64

10

Ransomware...KB.exe

windows10-2004-x64

7

Ransomware...KB.exe

windows10-ltsc_2021-x64

7

Ransomware...KB.exe

windows11-21h2-x64

7

Ransomware...KB.exe

windows10-ltsc_2021-x64

10

Ransomware...KB.exe

windows7-x64

10

Ransomware...KB.exe

windows10-2004-x64

10

Ransomware...KB.exe

windows10-ltsc_2021-x64

10

Ransomware...KB.exe

windows11-21h2-x64

10

Ransomware...KB.exe

windows7-x64

10

Ransomware...KB.exe

windows7-x64

10

Ransomware...KB.exe

windows10-2004-x64

10

Ransomware...KB.exe

windows10-ltsc_2021-x64

10

Ransomware...KB.exe

windows11-21h2-x64

10

Ransomware...KB.exe

windows10-2004-x64

9

Ransomware...KB.exe

windows7-x64

9

Ransomware...KB.exe

windows10-2004-x64

9

Ransomware...KB.exe

windows10-ltsc_2021-x64

9

Ransomware...KB.exe

windows11-21h2-x64

9

Ransomware...KB.exe

windows11-21h2-x64

9

Ransomware...KB.exe

windows7-x64

9

Ransomware...KB.exe

windows10-2004-x64

9

Ransomware...KB.exe

windows10-ltsc_2021-x64

9

Ransomware...KB.exe

windows11-21h2-x64

9

Ransomware...KB.ps1

windows11-21h2-x64

10

Ransomware...KB.ps1

windows7-x64

10

Ransomware...KB.ps1

windows10-2004-x64

10

Ransomware...KB.ps1

windows10-ltsc_2021-x64

10

Ransomware...KB.ps1

windows11-21h2-x64

10

Resubmissions

25/03/2025, 15:11

250325-skmbpsxzaw 10

25/03/2025, 15:06

250325-sg1d6a1px2 10

25/03/2025, 15:01

250325-sd5jpsxyct 10

25/03/2025, 14:56

250325-sbdcfaxxgs 10

25/03/2025, 14:50

250325-r7ve6a1nv3 10

25/03/2025, 14:46

250325-r5ab7sxwhx 10

25/03/2025, 14:40

250325-r2c9paxwe1 10

05/02/2025, 10:25

250205-mgcefaslhw 10

05/02/2025, 10:17

250205-mbs51atmbk 10

05/02/2025, 09:15

250205-k785zs1pfn 10

Analysis

  • max time kernel
    103s
  • max time network
    105s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
  • submitted
    25/03/2025, 14:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RansomwareSamples/Nefilim_31_08_2020_3061KB.exe

  • Size

    3.0MB

  • MD5

    cd7b5d2391af7cc10f5ab11f2baef503

  • SHA1

    c735ff582ab489f13cfc76ee744e52b868012e2e

  • SHA256

    0bafde9b22d7147de8fdb852bcd529b1730acddc9eb71316b66c180106f777f5

  • SHA512

    b01c843c9a7c154ab592b667fe66b49123bfc2218904391600c1d17623b91c4e83eb6049aba01813586251596d999cce953ca689957390e658ee306a9859adca

  • SSDEEP

    24576:YOXKA8qDbjm8N3CNWYqdQCVzCYXjG9xLAW0bUXo2xdQS3aVOqL1UrSlcbHLWcR4+:tXKOm8mkdHJC0jG9xE9gdQS3aLibLw

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (136) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Nefilim_31_08_2020_3061KB.exe
    "C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Nefilim_31_08_2020_3061KB.exe"
    1⤵
      PID:5904

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\NEF1LIM-DECRYPT.txt
      Filesize

      1KB

      MD5

      26024bfff1079296a378717d3d1cb7b0

      SHA1

      26dd37b88849066fb84c3a46401fd754972f9e2f

      SHA256

      b777912f6a8177b2c58cb448da68c0eb6b2d6ab30dcc3ea0ca7e5895f40d7887

      SHA512

      69ca9d20b9322f772caf9698f2bd42cd1451369c2692042e9003a4c57b60708d385e59f6e17fe11f33b52eba48f1f96b3b84f9458c9df27b9707c76981432f84

      Download Submit