Analysis

  • max time kernel
    150s
  • max time network
    103s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250502-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15/05/2025, 07:20

General

  • Target

    772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe

  • Size

    543KB

  • MD5

    0bd0c76c4ac975e58b0a42ae5379d4c3

  • SHA1

    071c26f93f706b8ba90494e113f6841633306d10

  • SHA256

    772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e

  • SHA512

    25279040ca828171d8a0b8ad01cd118d7578d21fbfff2c354c075c514527650d67fda37328a899bf31acfef414313b5f01def5e598dbaf78f7b0ace1b92a4f17

  • SSDEEP

    12288:9mN9Mttts+n8tGwXglfWF1wUcmN9Mttts+n8tGwXglfWF1wUl:9mNOttts+nKGwXgluF1wtmNOttts+nKZ

Score
9/10

Malware Config

Signatures

  • Renames multiple (3866) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe
    "C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3468

Network

        MITRE ATT&CK Enterprise v16

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2117256398-1057710415-2142084777-1000\desktop.ini.tmp

          Filesize

          544KB

          MD5

          4402736855ae34be7852266ddea3f943

          SHA1

          95aff737d3ce0b7127a1932b4bdd3943fb541822

          SHA256

          3073db412f2448f51bffb0c5ff5d4eba21577ab12be3a10a9f26b8a0e2eda9ed

          SHA512

          0ce07e94f9c92daac3e6d73d5996dacbbecfcbeadd5d6ef1344f2a3f49aedc82c1b730cd5b14bf5960a79b36ca8b630cbeb06fd9fc3be587b05309f18a24adce

        • C:\c8b37a19c794785c97\2010_x86.log.html.tmp

          Filesize

          624KB

          MD5

          55e4d392afb0a8b7426c76b60fc4509b

          SHA1

          9a4f8ed47990d8d34f258b4d40cbe73840f515a2

          SHA256

          3eaa84ac5b2b321ea66df3b18f7db4116123c8ea89d3e73d4053f13efb8eb54f

          SHA512

          2d70ca8ddefff5289e2a643780bd0ab5a550119d3a23407eb8b2bb536067b002457eb30aad972ff5f86db0fb4decacbf54daeab14f9a24b50524a580e2ba24f9