Analysis

  • max time kernel
    150s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/05/2025, 07:26

General

  • Target

    4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe

  • Size

    21KB

  • MD5

    fca6f4b60b8faf6f4606c8b9dbcd9120

  • SHA1

    127aa264c6b6c3f38604dd22970fbdab10d11bf3

  • SHA256

    4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760

  • SHA512

    c93ec6e1beef89f6d2e4f286c10494e0d5f00ccdfc232033339b552740344fc9eedc197a2117f9eae9607a2f4fb8f804c96f2277e9ca9d2ea71a5437514fb5fc

  • SSDEEP

    384:gBt7Br5xjL9AgA71FbhvP/KWLsqmFae+rOAqmFae+rOVQc:s7BlpppARFbhdLz8ae+rOn8ae+rOT

Score
9/10

Malware Config

Signatures

  • Renames multiple (5270) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe
    "C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1448

Network

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3623617754-4043701611-775564599-1000\desktop.ini.tmp

          Filesize

          22KB

          MD5

          32c61e805d49ed3fb58c282cb527ecbc

          SHA1

          f48645d712f3e05737af579b98ad98daf991008e

          SHA256

          9a62e50331b29170338009b111e693587d1f1a2e1a935fd84a4c004648cca46c

          SHA512

          59cdb9b0a641110c4075b14074c0efc8c1a559880c7f5a845272e5f7205e9baceb95fa1f299ff432d412e807380eac163e5077690af3f03852fe16c8c3bfabbb

        • C:\b96a7bef2438b67e1aee\2010_x86.log.html.tmp

          Filesize

          102KB

          MD5

          b523231104642743b741254ba023977c

          SHA1

          0d8b51e62e6dfac15ac1a6391a2a9a35564d6aa8

          SHA256

          daecbd74ba1da017dc207eea73ee9d535ffaf5ef12a7b00f938fe73c7c36e117

          SHA512

          f1579272dcf4975c241738eca0f484ecf8557901e599151c7236a5a8816722e695b306067d2d2065a7df24e9d3127c2bb6c020890fdf0d5d3adaa42484df2ed6