Analysis

  • max time kernel
    150s
  • max time network
    112s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250502-en
  • resource tags

    arch:x64arch:x86image:win11-20250502-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15/05/2025, 07:20

General

  • Target

    7b9536e0c2d8342c3091c372733088764bbf241a89d6d64a07a711a315ff2981.exe

  • Size

    643KB

  • MD5

    8cd2f51cb8087bba667d4a0f9df7cfa7

  • SHA1

    ce3bf60eb2723ca3d145881124dcf4b5ba3b15bc

  • SHA256

    7b9536e0c2d8342c3091c372733088764bbf241a89d6d64a07a711a315ff2981

  • SHA512

    a91ae71b3c46adce9b1543fb12431775a420e508770bbd5bc5e490994bb5433773a7e0bffa8d2ee98e42b190021d0487cdf90a3fdb2a605bd7aa9551c39e247b

  • SSDEEP

    6144:Ny3rYMv0pilFvAfTtYHHu8C/TXmrILY3rYMv0pilFvAfTtYHHu8C/TXmrIL0:wvvUcFvACw7XmrnvvUcFvACw7Xmr3

Score
9/10

Malware Config

Signatures

  • Renames multiple (3205) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b9536e0c2d8342c3091c372733088764bbf241a89d6d64a07a711a315ff2981.exe
    "C:\Users\Admin\AppData\Local\Temp\7b9536e0c2d8342c3091c372733088764bbf241a89d6d64a07a711a315ff2981.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2220

Network

        MITRE ATT&CK Enterprise v16

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1283078542-320785498-2248628612-1000\desktop.ini.tmp

          Filesize

          644KB

          MD5

          8324d15d6ef09bd204fa32c9a3e8f52a

          SHA1

          a135f494418dfb85b7d6054316c029ca4b1c47ff

          SHA256

          0cb9ca190b601cde7b8b320e856117faa2950458fc00cb144fa0566777e6b208

          SHA512

          b3e537b20e1b44b233440d8c81952995f433677e0765f1033de7c2ccd400da9374ff2d444de0018c10636f356177473ca96f8b09f2207a8c597f6615e41b8d0f

        • C:\caf455ed4ae411b0ba0aa2\2010_x64.log.html.tmp

          Filesize

          729KB

          MD5

          4184a8f44d758afd6fa68e30dec4954e

          SHA1

          3e66e55455a882ac005705aef2e1853a0035acfb

          SHA256

          3835b0438469f92f1f91b9a851f36502c9d1c630bbdb84402e7f1600819c0bd1

          SHA512

          27c0a743e1803f4fd79c2baa10b29473fb98f2577de8051a837813b0f153c027d8a4b5374ca82b637ca4ab6767762000d97aba95e9911a2e87efe3216539bc69