Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250502-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2025, 07:20

General

  • Target

    7b9536e0c2d8342c3091c372733088764bbf241a89d6d64a07a711a315ff2981.exe

  • Size

    643KB

  • MD5

    8cd2f51cb8087bba667d4a0f9df7cfa7

  • SHA1

    ce3bf60eb2723ca3d145881124dcf4b5ba3b15bc

  • SHA256

    7b9536e0c2d8342c3091c372733088764bbf241a89d6d64a07a711a315ff2981

  • SHA512

    a91ae71b3c46adce9b1543fb12431775a420e508770bbd5bc5e490994bb5433773a7e0bffa8d2ee98e42b190021d0487cdf90a3fdb2a605bd7aa9551c39e247b

  • SSDEEP

    6144:Ny3rYMv0pilFvAfTtYHHu8C/TXmrILY3rYMv0pilFvAfTtYHHu8C/TXmrIL0:wvvUcFvACw7XmrnvvUcFvACw7Xmr3

Score
9/10

Malware Config

Signatures

  • Renames multiple (3021) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b9536e0c2d8342c3091c372733088764bbf241a89d6d64a07a711a315ff2981.exe
    "C:\Users\Admin\AppData\Local\Temp\7b9536e0c2d8342c3091c372733088764bbf241a89d6d64a07a711a315ff2981.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4204

Network

        MITRE ATT&CK Enterprise v16

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3690492401-2005096563-3427069815-1000\desktop.ini.tmp

          Filesize

          644KB

          MD5

          5116df90a339a96989ac71fd25c143db

          SHA1

          a90b8cf17ff6da0fd552dad5b29568a44471a097

          SHA256

          76736ffca644d9fd358981bc31141e4d32b7c7a943598c0f50adcb27a76d1b7d

          SHA512

          50c89f11e555f29126cb2db27dd2b6f36ee4319be7bd1c8d45b6842fff7177343f4ee476a8c99ce6e038db0803b3bb6aea67e518ad7f06cb168a928154597767

        • C:\f32c6debfbe15d219b06a854\2010_x64.log.html.tmp

          Filesize

          729KB

          MD5

          5b2d5474d68b2db0d5194cf8ee72ff89

          SHA1

          5b86175da30270320257107329263b8c7ed0000a

          SHA256

          16fd192f9552111589d2277f12f3fec00b81b0bb9270f05f4618b7ba07aa467d

          SHA512

          6df9baad25699187d404014dfb157a784b7706b6653673933768dfb3a67c7627aa4dc1c92142bfc973afd73df9142aeb64d0026b3e4057e0a11970f1ef74aa28