Analysis

  • max time kernel
    149s
  • max time network
    103s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250502-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15/05/2025, 07:26

General

  • Target

    4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe

  • Size

    21KB

  • MD5

    fca6f4b60b8faf6f4606c8b9dbcd9120

  • SHA1

    127aa264c6b6c3f38604dd22970fbdab10d11bf3

  • SHA256

    4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760

  • SHA512

    c93ec6e1beef89f6d2e4f286c10494e0d5f00ccdfc232033339b552740344fc9eedc197a2117f9eae9607a2f4fb8f804c96f2277e9ca9d2ea71a5437514fb5fc

  • SSDEEP

    384:gBt7Br5xjL9AgA71FbhvP/KWLsqmFae+rOAqmFae+rOVQc:s7BlpppARFbhdLz8ae+rOn8ae+rOT

Score
9/10

Malware Config

Signatures

  • Renames multiple (5366) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe
    "C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1720

Network

MITRE ATT&CK Enterprise v16

Downloads

        • C:\$Recycle.Bin\S-1-5-21-1454956602-4007834095-2135319884-1000\desktop.ini.tmp

          Filesize

          22KB

          MD5

          7be2ece3e0d732f27df2a6c06ec34273

          SHA1

          87a648f173004bb1a0dc31e88598f93455150818

          SHA256

          661adfde33672a04c2f02b1fcc90fc5b9ab5408d0ddd532c64c4f276899aec16

          SHA512

          021b820ad359e0dbf75f92470374e0efc91fb6eeb67d000dca8eeb8039970c24098644e1863d5a8a64789ca82357595bc6e9ddfcc9914b4e6c1bf7093bc131c5

        • C:\d556e8f40e1fe2150ce3c75a1b83\2010_x86.log.html.tmp

          Filesize

          103KB

          MD5

          7597d281eca6d867fa61fbdb1a9b00fe

          SHA1

          15756029df32071280865d8ba44c5b51c8fc30a2

          SHA256

          f8e1057df18f5035f10afba23178652b82c22799aadea7a7a693afe2a79915d4

          SHA512

          074ad72aa41d293d5b526b37961060906528b74c83621c55ff41054bea8c56879cb6e869aadbdbe88db078235d042b066d45f8fbc19af1a60fe16ca895f88863