Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/05/2025, 07:20

General

  • Target

    6ddd1b27e56a5551892f704640636dbac1dc773186b0f50bf54482efe7dff877.exe

  • Size

    23KB

  • MD5

    1186edb1a4af90be26d5d6c677cdfb88

  • SHA1

    b180efc546d2259076b13a83625877848521c258

  • SHA256

    6ddd1b27e56a5551892f704640636dbac1dc773186b0f50bf54482efe7dff877

  • SHA512

    ba80ee29dd840c3ba68c188215563513bd61b6e43c77fc5cdee5a99767648188847b43ac80e607bc69c40c6b8f22aefcae54a46669a6f9450306b936ec2a4693

  • SSDEEP

    384:gBt7Br5xjL9AgA71FbhvP/KWLsqmFae+rOAqmFae+rOiOZ2OZel5Jlmsl5JlmF:s7BlpppARFbhdLz8ae+rOn8ae+rOcWy8

Score
9/10

Malware Config

Signatures

  • Renames multiple (5197) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ddd1b27e56a5551892f704640636dbac1dc773186b0f50bf54482efe7dff877.exe
    "C:\Users\Admin\AppData\Local\Temp\6ddd1b27e56a5551892f704640636dbac1dc773186b0f50bf54482efe7dff877.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1672

Network

        MITRE ATT&CK Enterprise v16


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3920234085-916416549-2700794571-1000\desktop.ini.tmp

          Filesize

          24KB

          MD5

          ddbb61d41bf61a878fee800bb5aa03bf

          SHA1

          58a9cd413c0f3b1b10670e655c8cbd3f023c175e

          SHA256

          213801aa5290696fd2811c87c698f457625055e9dff48cb415a3e0edbd7544ae

          SHA512

          afc59b1c188a9f824c320410eecc0f2ef7f2c1e57f7a0930c23ab94c8237b36aee78f464cc7103ba3e64f72ac06ca9e4afa1eea9f9c24ebd90ea3ad3ff8fcca3

        • C:\6eaadd5e1536cd09900c16de307910\2010_x86.log.html.tmp

          Filesize

          105KB

          MD5

          9d45a0d14bcc1c4b7965d5c51e27e649

          SHA1

          e58e5b5d8929ec022953c48feb4df3dd9e383e12

          SHA256

          203ceee86055d5425bd9bb0d83d238388ee2acd0e8f487016c6ec2270a5cbd79

          SHA512

          1de31b5d2675c64cc7d8c55621b11684cc4a1e67d7eafcc69fb81dc2968f7abb0f907fe885607d2c61e8a80ab4c46bbe943713a68352efdb110b4801537f59e8