Analysis

  • max time kernel
    150s
  • max time network
    102s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250502-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15/05/2025, 07:20

General

  • Target

    3ff67f2622d80e87879506355aa5640427575f280935a7dc0b5ffd69ebd38deb.exe

  • Size

    84KB

  • MD5

    bf8878419427e48eeddb51940e6c2d2f

  • SHA1

    4184fbf2fd60114e0459768dcf727053d2beefa0

  • SHA256

    3ff67f2622d80e87879506355aa5640427575f280935a7dc0b5ffd69ebd38deb

  • SHA512

    2dea4a8c398855c1d398fa407459e9bc90fadf89f3870c5cb3e43b7bedbd2497fd9172f935d7945c1b8be0a12b6d2b47a9786db250c6b392539ed1a18189ae9a

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOkBnpdnJdL1JcdyadgpAdRdYkq96QdMYdmJFI:s7ZppApdII8JzT0xs

Score
9/10

Malware Config

Signatures

  • Renames multiple (5154) files with added filename extension

    This suggests ransomware activity: the sample walks the file system, rewrites files and renames them with an added extension.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

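The "renames multiple files with added filename extension" signature above is a behavioural heuristic: many rename events in which the new name is the old name plus one extra extension, spread across several directories. The following is an added example of that detection logic, written for this page and not part of the sandbox or the sample; the rename events are constructed for the demo, and the threshold of 50 renames across at least two directories is an assumption chosen well below the 5154 renames reported here:

```python
import ntpath
import re
from collections import defaultdict

# A single appended extension such as ".tmp" or ".locked": short alphanumeric
# token, no path separators. Assumption made for this example.
_APPENDED_EXT = re.compile(r"\.[A-Za-z0-9_-]{1,16}")


def appended_extension(old_path, new_path):
    """Return the appended extension (lower-cased) when new_path is old_path
    with exactly one extra extension tacked on; otherwise None.

    A rename that replaces the extension (notes.txt -> notes.bak) or moves the
    file to another directory is not an appended-extension rename.
    """
    if not new_path.startswith(old_path):
        return None
    suffix = new_path[len(old_path):]
    if _APPENDED_EXT.fullmatch(suffix):
        return suffix.lower()
    return None


def detect_mass_rename(renames, threshold=50, min_dirs=2):
    """Group appended-extension renames by suffix and report suffixes seen at
    least `threshold` times across at least `min_dirs` directories.

    Returns a list of (suffix, count, directory_count), highest count first.
    `min_dirs` suppresses a single tool churning through one folder.
    """
    counts = defaultdict(int)
    dirs = defaultdict(set)
    for old_path, new_path in renames:
        ext = appended_extension(old_path, new_path)
        if ext is None:
            continue
        counts[ext] += 1
        dirs[ext].add(ntpath.dirname(old_path).lower())
    hits = [
        (ext, counts[ext], len(dirs[ext]))
        for ext in counts
        if counts[ext] >= threshold and len(dirs[ext]) >= min_dirs
    ]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


def build_sample_events():
    """Constructed rename events for the demo (not taken from the report):
    60 files across four directories get ".tmp" appended, plus three benign
    renames that must not be counted."""
    dirs = [
        r"C:\Users\Admin\Documents",
        r"C:\Users\Admin\Pictures",
        r"C:\$Recycle.Bin\S-1-5-21-0-0-0-1000",
        r"C:\Program Files\ExampleApp",
    ]
    events = []
    for i in range(60):
        old = ntpath.join(dirs[i % len(dirs)], f"file{i}.docx")
        events.append((old, old + ".tmp"))
    # extension replaced, not appended
    events.append((r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.bak"))
    # moved to another directory, no new extension
    events.append((r"C:\Users\Admin\a.png", r"C:\Users\Admin\Archive\a.png"))
    # one editor swap file: appended, but far below the threshold
    events.append((r"C:\Users\Admin\doc.txt", r"C:\Users\Admin\doc.txt.swp"))
    return events


if __name__ == "__main__":
    for ext, count, ndirs in detect_mass_rename(build_sample_events()):
        print(f"mass rename: {count} files in {ndirs} directories got {ext!r} appended")
```

Matching on the raw path prefix rather than on the final extension alone is deliberate: the dropped files listed under Downloads (desktop.ini.tmp, 2010_x64.log.html.tmp) show the sample appending a suffix to the full original name, and a naive "extension changed" check would also fire on ordinary save-as or backup rotations. The directory-spread condition is the second half of the signal; tune both thresholds to the event volume of the telemetry source you run this over.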
Processes

  • C:\Users\Admin\AppData\Local\Temp\3ff67f2622d80e87879506355aa5640427575f280935a7dc0b5ffd69ebd38deb.exe
    "C:\Users\Admin\AppData\Local\Temp\3ff67f2622d80e87879506355aa5640427575f280935a7dc0b5ffd69ebd38deb.exe"
    (process tree depth 1)
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 1768

Network

        MITRE ATT&CK Enterprise v16

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3518521428-3897247806-4080064211-1000\desktop.ini.tmp

          Filesize

          85KB

          MD5

          822c935421096cae22b7683f27fe7710

          SHA1

          7ee5fc2813c751b5206ca602c079600980c2bbf1

          SHA256

          d0d05cf43dde1c0e669e724c5b5f7bd51dedf28aad3a04cbf9fec510269ac5eb

          SHA512

          a87e6802087684bf0088b87062c559e6fe3d8c856937d6f234ddc4252fd52a245c6b6d4385ef48bcd99b349ad2a62cbf0f00033a718cc7fa77ff49d1c59a541e

        • C:\ef24ccacc0fb7a1128713900cef14716\2010_x64.log.html.tmp

          Filesize

          171KB

          MD5

          5190b7fcb2cd202e430d362fb4cf3e1c

          SHA1

          8c948283ad9214a4a3a064a2f2beacb65671c728

          SHA256

          d79fb2644f9197f9e7f63e2f050024144d41baf8ae64413f074912dc6af8b618

          SHA512

          e7da698ce42c51bbfe5a108b04b8b2d9808b2e0abdb650ec7b9623e203dc6f649b598f063be45d161db4d85361f7d5a004281ea4c50654261e8673de5f0b6c99