Analysis

  • max time kernel
    150s
  • max time network
    103s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250502-en
  • resource tags
    arch:x64, arch:x86, image:win11-20250502-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15/05/2025, 07:23

General

  • Target

    772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe

  • Size

    543KB

  • MD5

    0bd0c76c4ac975e58b0a42ae5379d4c3

  • SHA1

    071c26f93f706b8ba90494e113f6841633306d10

  • SHA256

    772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e

  • SHA512

    25279040ca828171d8a0b8ad01cd118d7578d21fbfff2c354c075c514527650d67fda37328a899bf31acfef414313b5f01def5e598dbaf78f7b0ace1b92a4f17

  • SSDEEP

    12288:9mN9Mttts+n8tGwXglfWF1wUcmN9Mttts+n8tGwXglfWF1wUl:9mNOttts+nKGwXgluF1wtmNOttts+nKZ

Score
9/10

Malware Config

Signatures

  • Renames multiple (3931) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe
    "C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe"
    PID: 3852
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

  • MITRE ATT&CK Enterprise v16


Downloads

  • C:\$Recycle.Bin\S-1-5-21-779059454-4269757009-3780780039-1000\desktop.ini.tmp
    Filesize
    544KB
    MD5
    e25767c88994eb865801aa87bfcc2b76
    SHA1
    7eafe28930bb63e523fb2048e2a3268a1d6bc5cb
    SHA256
    04c73b8a03546a64c1bc5ced218a8700752a1a80c25bbee65d5f987eadb289a1
    SHA512
    72449d410e66e0af4856b77e5d4b7462e5592c92cc510308c622681ea74f6613f02aaae17b86944280577c8a4f6c74764a861c6d8eba7529eb08113fd1f41e47

  • C:\e62b36dd3cccbd0b2c8aefa1fa8db0\2010_x86.log.html.tmp
    Filesize
    625KB
    MD5
    03c53f6d54e9fb57c4f2382bc9ca205f
    SHA1
    df430703a0c11afa500b35092a7d0f823242b083
    SHA256
    501cb01d57cdb95968747ff540f5f1e4e9d1f55182917bb9a86276e212e75b4b
    SHA512
    13e8bea849a7c6d8f43afaec85857fdeca847cbd71555c581751946e9342a05153169c9ce3141cb5ce0b4038fe8455bf9da0c36816a7f6cf37345c3736572924