Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/05/2025, 07:20

General

  • Target

    3ff67f2622d80e87879506355aa5640427575f280935a7dc0b5ffd69ebd38deb.exe

  • Size

    84KB

  • MD5

    bf8878419427e48eeddb51940e6c2d2f

  • SHA1

    4184fbf2fd60114e0459768dcf727053d2beefa0

  • SHA256

    3ff67f2622d80e87879506355aa5640427575f280935a7dc0b5ffd69ebd38deb

  • SHA512

    2dea4a8c398855c1d398fa407459e9bc90fadf89f3870c5cb3e43b7bedbd2497fd9172f935d7945c1b8be0a12b6d2b47a9786db250c6b392539ed1a18189ae9a

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOkBnpdnJdL1JcdyadgpAdRdYkq96QdMYdmJFI:s7ZppApdII8JzT0xs

Score
9/10

Malware Config

Signatures

  • Renames multiple (5029) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ff67f2622d80e87879506355aa5640427575f280935a7dc0b5ffd69ebd38deb.exe
    "C:\Users\Admin\AppData\Local\Temp\3ff67f2622d80e87879506355aa5640427575f280935a7dc0b5ffd69ebd38deb.exe"
    PID: 1460
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

        MITRE ATT&CK Enterprise v16


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3674642747-2260306818-3009887879-1000\desktop.ini.tmp

          Filesize

          85KB

          MD5

          d491d13b09b12ca4297ade5a12144804

          SHA1

          a6478756eb8c99cb04f4a091655d4926a5950565

          SHA256

          c70c6c03aa769ecd490d5db44619e38598737100cf737200c3d9c67e5e1d0cc7

          SHA512

          a72c5dcae36d26da8cf75ba67437b011c5bc26ab893545018f3bb07bb4e6e44e065bc861b4fd88e66e32e8a1e1bd798e492ae2926e98d8a59169d2ad6a4bd5b9

        • C:\967f022c4c136664abfad56c1fb73a\2010_x86.log.html.tmp

          Filesize

          166KB

          MD5

          6f17af4191b4eff971e7f7a0114796fa

          SHA1

          4d916b5e6ff8a5572fad6ec99c97511a7dddd3fe

          SHA256

          f0fed6de2dd72e7a8eb4a16df9f0798a504ce533607374fa64149ed2c3706343

          SHA512

          dc55fdb3033d3515805f5d8b6d2f0fc6b0f239520e779c66db6520977bac711b8e810284c28082514ecb90f76d4a977104e95d915e65f67574df344e83a4683c