Analysis Overview
SHA256
4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760
Threat Level: Likely malicious
The file 4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760 was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (5197) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-15 07:23
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
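How a static signature like "Unsigned PE" is usually decided: the sample's IMAGE_DIRECTORY_ENTRY_SECURITY data directory is empty, so there is no Authenticode (WIN_CERTIFICATE/PKCS#7) blob to verify at all. The following Python is an added example, not the sandbox's own rule code; it walks the raw PE headers with only the standard library and builds a constructed header-only image (`build_minimal_pe`, a hypothetical helper) to exercise both the signed and unsigned case. Field offsets are the documented PE32/PE32+ layouts.

```python
import struct

def security_directory(data: bytes):
    """Return (file_offset, size) of IMAGE_DIRECTORY_ENTRY_SECURITY (index 4),
    or None if `data` is not a parseable PE. Note the VirtualAddress of this
    particular directory is a raw file offset, not an RVA."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    if size_opt < 2 or len(data) < opt + size_opt:
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32
        nrva_off, dir_off = 92, 96
    elif magic == 0x20B:                     # PE32+
        nrva_off, dir_off = 108, 112
    else:
        return None
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    if nrva <= 4 or size_opt < dir_off + 5 * 8:
        return None                          # directory table too short
    return struct.unpack_from("<II", data, opt + dir_off + 4 * 8)

def has_authenticode(data: bytes) -> bool:
    """True only if a non-empty security directory points inside the file.
    Presence is not validity: the PKCS#7 still has to be verified."""
    sd = security_directory(data)
    return sd is not None and sd[1] > 0 and sd[0] + sd[1] <= len(data)

def build_minimal_pe(pe32plus: bool, signature: bytes = b"") -> bytes:
    """Constructed, header-only PE (not loadable) used as test input.
    If `signature` is given, a WIN_CERTIFICATE wrapper is appended and the
    security directory is pointed at it."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)    # e_lfanew right after DOS header
    magic, dir_off, opt_size = (0x20B, 112, 240) if pe32plus else (0x10B, 96, 224)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dir_off - 4, 16)   # NumberOfRvaAndSizes
    header_len = 64 + 4 + 20 + opt_size
    cert = b""
    if signature:
        # dwLength, wRevision=0x0200, wCertificateType=0x0002 (PKCS#7), bCertificate
        cert = struct.pack("<IHH", 8 + len(signature), 0x0200, 0x0002) + signature
        struct.pack_into("<II", opt, dir_off + 4 * 8, header_len, len(cert))
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, opt_size, 0x0002)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert

if __name__ == "__main__":
    for label, img in (("unsigned PE32", build_minimal_pe(False)),
                       ("signed PE32+", build_minimal_pe(True, b"\x30\x82"))):
        print(label, "-> Authenticode present:", has_authenticode(img))
```

To reproduce the signature on the real sample, read the file and call `has_authenticode`; a `False` is exactly "Unsigned PE". A `True` only says a blob exists; check the chain and the Authenticode hash with `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature` before treating the binary as trusted.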
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-15 07:23
Reported
2025-05-15 07:26
Platform
win10v2004-20250502-en
Max time kernel
149s
Max time network
138s
Command Line
Signatures
Renames multiple (5197) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe | N/A |
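The two behavioural signatures above are cheap to re-derive from a file and registry event stream: count, per process, renames whose new name is the old name plus an appended extension, and flag any process that opens the `NLS\Language` key (the System Language Discovery check). The Python below is an added example, not the sandbox's rule engine; the events in `SAMPLE_EVENTS` are constructed, and the rename threshold of 5 is an assumption, since the page does not state the sandbox's cut-off.

```python
from collections import Counter, defaultdict

# Constructed events as (pid, op, path, new_path); not taken from the report.
SAMPLE_EVENTS = [
    (4120, "file_rename", r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.tmp"),
    (4120, "file_rename", r"C:\Users\Admin\Pictures\holiday.jpg",  r"C:\Users\Admin\Pictures\holiday.jpg.tmp"),
    (4120, "file_rename", r"C:\Users\Admin\Music\track.mp3",       r"C:\Users\Admin\Music\track.mp3.tmp"),
    (4120, "file_rename", r"C:\Users\Admin\Videos\clip.mp4",       r"C:\Users\Admin\Videos\clip.mp4.tmp"),
    (4120, "file_rename", r"C:\Users\Public\shared.xlsx",          r"C:\Users\Public\shared.xlsx.TMP"),
    (4120, "file_rename", r"C:\ProgramData\cache.bin",             r"C:\ProgramData\cache.bin.tmp"),
    (4120, "reg_open",    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", None),
    (812,  "file_rename", r"C:\Users\Admin\Downloads\setup.tmp",   r"C:\Users\Admin\Downloads\setup.exe"),  # extension swapped, not added
    (812,  "file_rename", r"C:\Users\Admin\notes.txt",             r"C:\Users\Admin\notes.txt.bak"),
    (812,  "reg_open",    r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager", None),
]

def added_extension(old_path: str, new_path: str):
    """Suffix appended to old_path by the rename, or None when the rename
    changed the name in any other way (or changed nothing)."""
    if not new_path.lower().startswith(old_path.lower()):
        return None
    suffix = new_path[len(old_path):]
    return suffix if suffix.startswith(".") and len(suffix) > 1 else None

def mass_rename_with_added_extension(events, threshold=5):
    """{pid: Counter(lowercased suffix -> count)} for every process whose
    append-only renames reach `threshold` (assumed value, see lead-in)."""
    per_pid = defaultdict(Counter)
    for pid, op, path, new_path in events:
        if op != "file_rename":
            continue
        suffix = added_extension(path, new_path)
        if suffix:
            per_pid[pid][suffix.lower()] += 1
    return {pid: c for pid, c in per_pid.items() if sum(c.values()) >= threshold}

# Match on the key tail so \REGISTRY\MACHINE vs HKLM and ControlSet001 vs
# CurrentControlSet spellings all hit.
LANGUAGE_KEY_SUFFIX = r"\control\nls\language"

def system_language_discovery(events):
    """Sorted pids that opened the NLS\\Language key."""
    return sorted({pid for pid, op, path, _ in events
                   if op == "reg_open" and path.lower().endswith(LANGUAGE_KEY_SUFFIX)})

def summarize(events, threshold=5):
    """Signature lines in the same wording the report uses."""
    lines = []
    for pid, counts in sorted(mass_rename_with_added_extension(events, threshold).items()):
        lines.append(f"Renames multiple ({sum(counts.values())}) files with added "
                     f"filename extension: pid {pid} {dict(counts)}")
    for pid in system_language_discovery(events):
        lines.append(f"System Location Discovery: System Language Discovery: pid {pid}")
    return lines

if __name__ == "__main__":
    for line in summarize(SAMPLE_EVENTS):
        print(line)
```

The same suffix logic explains why the Files section lists `*.tmp` names: an encryptor that renames a victim file and then writes a new one under that name shows up as one rename plus one dropped file per victim. Because pid 812 in the constructed data swaps an extension rather than appending one, and only appends once, it stays below the threshold and is correctly ignored.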
Processes
C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe
"C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe"
Network
Note: the connection table carries no process attribution. tse1.mm.bing.net and c.pki.goog are endpoints that Windows itself and Google's PKI (CRL/OCSP) infrastructure contact in the background, so this traffic is not by itself evidence of command-and-control by the sample.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.251.37.35:80 | c.pki.goog | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-186956858-2143653872-2609589082-1000\desktop.ini.tmp
| MD5 | 1691204e5a64d173d9985f18cf8eaead |
| SHA1 | d00f62444439a8c8a87aa552f8aada6b5271bc41 |
| SHA256 | 9d0070b68f8855388d9b36713b9644b0323fcadd43d2882c5cefda4d07285c06 |
| SHA512 | f76e5e27aed241f4978518bbfe5456476c9d911a224ae968076ef8c4d4e2a30d2d515c107e9cf05459a7339e711d564bbce13be0ff028e401df78bfc6aa0937a |
C:\d962f70874f5d4bfc1c6\2010_x64.log.html.tmp
| MD5 | 46c9cdfeca7fdabc67401a2208ab76cb |
| SHA1 | cb16ad8c84d19762b30fad18a0ae445f59806b93 |
| SHA256 | e2842b0b3733697b85fb2dcf088a13a6636cf9efefde1af5ba1eed73f7e8d15a |
| SHA512 | 0c323cd34a35e2a453bf5481f53d031639c7db7fc04b8f307a0443510af2caaa3247b8733fa913b8b0e39ae1bd095c22c6a2a339693f2c0d0ee3d56b0db5b345 |