Analysis Overview
SHA256
6ddd1b27e56a5551892f704640636dbac1dc773186b0f50bf54482efe7dff877
Threat Level: Likely malicious
The file 6ddd1b27e56a5551892f704640636dbac1dc773186b0f50bf54482efe7dff877 was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (5296) files with added filename extension
Renames multiple (5197) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-15 07:20
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-15 07:20
Reported
2025-05-15 07:22
Platform
win10v2004-20250502-en
Max time kernel
149s
Max time network
142s
Command Line
Signatures
Renames multiple (5197) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6ddd1b27e56a5551892f704640636dbac1dc773186b0f50bf54482efe7dff877.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6ddd1b27e56a5551892f704640636dbac1dc773186b0f50bf54482efe7dff877.exe
"C:\Users\Admin\AppData\Local\Temp\6ddd1b27e56a5551892f704640636dbac1dc773186b0f50bf54482efe7dff877.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.251.37.35:80 | c.pki.goog | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-3920234085-916416549-2700794571-1000\desktop.ini.tmp
| MD5 | ddbb61d41bf61a878fee800bb5aa03bf |
| SHA1 | 58a9cd413c0f3b1b10670e655c8cbd3f023c175e |
| SHA256 | 213801aa5290696fd2811c87c698f457625055e9dff48cb415a3e0edbd7544ae |
| SHA512 | afc59b1c188a9f824c320410eecc0f2ef7f2c1e57f7a0930c23ab94c8237b36aee78f464cc7103ba3e64f72ac06ca9e4afa1eea9f9c24ebd90ea3ad3ff8fcca3 |
C:\6eaadd5e1536cd09900c16de307910\2010_x86.log.html.tmp
| MD5 | 9d45a0d14bcc1c4b7965d5c51e27e649 |
| SHA1 | e58e5b5d8929ec022953c48feb4df3dd9e383e12 |
| SHA256 | 203ceee86055d5425bd9bb0d83d238388ee2acd0e8f487016c6ec2270a5cbd79 |
| SHA512 | 1de31b5d2675c64cc7d8c55621b11684cc4a1e67d7eafcc69fb81dc2968f7abb0f907fe885607d2c61e8a80ab4c46bbe943713a68352efdb110b4801537f59e8 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-05-15 07:20
Reported
2025-05-15 07:22
Platform
win11-20250502-en
Max time kernel
150s
Max time network
103s
Command Line
Signatures
Renames multiple (5296) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6ddd1b27e56a5551892f704640636dbac1dc773186b0f50bf54482efe7dff877.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6ddd1b27e56a5551892f704640636dbac1dc773186b0f50bf54482efe7dff877.exe
"C:\Users\Admin\AppData\Local\Temp\6ddd1b27e56a5551892f704640636dbac1dc773186b0f50bf54482efe7dff877.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-2329104403-2882594830-3136665766-1000\desktop.ini.tmp
| MD5 | 4be69077ca2920d4b6a793221ddffb0b |
| SHA1 | 4a3c059f6df1319adcd25bd329893cbf7687fe86 |
| SHA256 | 85e000d82e4d8c246f3666bef101bde91e36a9086c030a28de618544dc441e7b |
| SHA512 | 7818d23342f7eca3f28fa743e7c737cd1f16faae5031c2e3d29e0a422ed0c5389d27fe89e878e973a5c337913a2207f8c564e4ebc65cda99d8f6b02ebfa1c3e4 |
C:\bf6fffe43a1488106117f05273896fef\2010_x86.log.html.tmp
| MD5 | 6a19c9aa2aeca8b7943f71d3ddfaa96c |
| SHA1 | 840bb82d61ae17ebc2428112a39d3fad955d08cd |
| SHA256 | f4b0842abd60ec4e471df8220b93076e8bae331f709a342485ad806140a16477 |
| SHA512 | 90da8ca7fdcceb7599a9d5025df2cd75eefd66ca9dc588ce86fe3aab666fffbd16837fdee94ad55c368729d593fb5d0373c37d8a5e82d78f128c3b5adb4384e2 |