Analysis Overview
SHA256
772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e
Threat Level: Likely malicious
The file 772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (3866) files with added filename extension
Renames multiple (3484) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-15 07:20
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2025-05-15 07:20
Reported
2025-05-15 07:23
Platform
win11-20250502-en
Max time kernel
150s
Max time network
103s
Command Line
Signatures
Renames multiple (3866) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe
"C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-2117256398-1057710415-2142084777-1000\desktop.ini.tmp
| Hash | Value |
| --- | --- |
| MD5 | 4402736855ae34be7852266ddea3f943 |
| SHA1 | 95aff737d3ce0b7127a1932b4bdd3943fb541822 |
| SHA256 | 3073db412f2448f51bffb0c5ff5d4eba21577ab12be3a10a9f26b8a0e2eda9ed |
| SHA512 | 0ce07e94f9c92daac3e6d73d5996dacbbecfcbeadd5d6ef1344f2a3f49aedc82c1b730cd5b14bf5960a79b36ca8b630cbeb06fd9fc3be587b05309f18a24adce |
C:\c8b37a19c794785c97\2010_x86.log.html.tmp
| Hash | Value |
| --- | --- |
| MD5 | 55e4d392afb0a8b7426c76b60fc4509b |
| SHA1 | 9a4f8ed47990d8d34f258b4d40cbe73840f515a2 |
| SHA256 | 3eaa84ac5b2b321ea66df3b18f7db4116123c8ea89d3e73d4053f13efb8eb54f |
| SHA512 | 2d70ca8ddefff5289e2a643780bd0ab5a550119d3a23407eb8b2bb536067b002457eb30aad972ff5f86db0fb4decacbf54daeab14f9a24b50524a580e2ba24f9 |
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-15 07:20
Reported
2025-05-15 07:22
Platform
win10v2004-20250502-en
Max time kernel
150s
Max time network
139s
Command Line
Signatures
Renames multiple (3484) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe
"C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.251.37.35:80 | c.pki.goog | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-3920234085-916416549-2700794571-1000\desktop.ini.tmp
| Hash | Value |
| --- | --- |
| MD5 | cbca8c7e5fd0e7a114ba77616b73ef83 |
| SHA1 | 615f07b4d0e162530984c5e7b0cda8c2df9939e8 |
| SHA256 | 899663851789fe52ea33d03084314b877c128960416665369775e2bb7267c59d |
| SHA512 | ca0ffaa0f9a793bdde2e6c24212760fb37fce4a1e6f68ecb2b9139e9b1a6e5b96c02d22306169896493c9612d425342166418a241383001e1e2d16ff6ef5e8a5 |
C:\6eaadd5e1536cd09900c16de307910\2010_x86.log.html.tmp
| Hash | Value |
| --- | --- |
| MD5 | 13897578023e0f754e6c1d2c08e27f45 |
| SHA1 | 8cf3247d2fe1e9935d8bfe8138cea871441ba43f |
| SHA256 | 979a910f920b0294d8e3e1420dfc5615bf0971ef67a63bd120640bc241295477 |
| SHA512 | 1c9bc519286f0744ef7fb1d07654003fc1d2c13971420040cd8bde3fb8c67c1df281f1339a201695d645fd62e01c358558648c3d2558f14c684a44b63d2fcefe |