Analysis

  • max time kernel
    149s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/05/2025, 07:23

General

  • Target

    4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe

  • Size

    21KB

  • MD5

    fca6f4b60b8faf6f4606c8b9dbcd9120

  • SHA1

    127aa264c6b6c3f38604dd22970fbdab10d11bf3

  • SHA256

    4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760

  • SHA512

    c93ec6e1beef89f6d2e4f286c10494e0d5f00ccdfc232033339b552740344fc9eedc197a2117f9eae9607a2f4fb8f804c96f2277e9ca9d2ea71a5437514fb5fc

  • SSDEEP

    384:gBt7Br5xjL9AgA71FbhvP/KWLsqmFae+rOAqmFae+rOVQc:s7BlpppARFbhdLz8ae+rOn8ae+rOT

Score
9/10

Malware Config

Signatures

  • Renames multiple (5197) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe
    "C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4948

Network

MITRE ATT&CK Enterprise v16

Downloads

  • C:\$Recycle.Bin\S-1-5-21-186956858-2143653872-2609589082-1000\desktop.ini.tmp
    Filesize: 22KB
    MD5: 1691204e5a64d173d9985f18cf8eaead
    SHA1: d00f62444439a8c8a87aa552f8aada6b5271bc41
    SHA256: 9d0070b68f8855388d9b36713b9644b0323fcadd43d2882c5cefda4d07285c06
    SHA512: f76e5e27aed241f4978518bbfe5456476c9d911a224ae968076ef8c4d4e2a30d2d515c107e9cf05459a7339e711d564bbce13be0ff028e401df78bfc6aa0937a

  • C:\d962f70874f5d4bfc1c6\2010_x64.log.html.tmp
    Filesize: 107KB
    MD5: 46c9cdfeca7fdabc67401a2208ab76cb
    SHA1: cb16ad8c84d19762b30fad18a0ae445f59806b93
    SHA256: e2842b0b3733697b85fb2dcf088a13a6636cf9efefde1af5ba1eed73f7e8d15a
    SHA512: 0c323cd34a35e2a453bf5481f53d031639c7db7fc04b8f307a0443510af2caaa3247b8733fa913b8b0e39ae1bd095c22c6a2a339693f2c0d0ee3d56b0db5b345