Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/05/2025, 13:33

General

  • Target

    00ee5bd2e97680a78a39f21169109e5b26f93e2f6504e5682c6308bef1556110.exe

  • Size

    17KB

  • MD5

    33e1be58da700cb193b644fa019aac00

  • SHA1

    c665321d216e27696516dcd067366a3ad49bd746

  • SHA256

    00ee5bd2e97680a78a39f21169109e5b26f93e2f6504e5682c6308bef1556110

  • SHA512

    b51fed769149833896ea222b882602a3fa2ad058ef46d4644e6dfd96c4d4d5a755692f87f8e601be7ab3d6977abe1e53ca96e6b626b748d48e71fb540a9b51d2

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOj:uZ4FLz8ae+rOn8ae+rOj

Score
9/10

Malware Config

Signatures

  • Renames multiple (5294) files with added filename extension

    This suggests ransomware activity: the files on the system are encrypted and an extra extension is appended to each filename.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
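The first signature above is a count-based behavioural rule: one process renames thousands of files in place, each time appending the same extension. The following Python is an added illustration of that detection logic, not the sandbox's own signature code. It consumes a list of (pid, old path, new path) rename events (the `SAMPLE_EVENTS` log is constructed for the example; the `.tmp` suffix mirrors the dropped-file names listed later in the report, but the threshold of 50 is an assumption to be tuned per environment) and alerts when a single process appends the same extension to at least that many files.

```python
"""Detect "renames many files with an appended extension" from a rename log.
Added illustration; not the sandbox's signature implementation."""
import ntpath                      # handle Windows paths on any host OS
from collections import Counter, defaultdict

# Assumption: alert once one process appends the same extension to at
# least this many files. Tune to the environment.
RENAME_THRESHOLD = 50


def appended_extension(old_path, new_path):
    """If new_path is old_path with exactly one extra extension appended in
    the same directory (desktop.ini -> desktop.ini.tmp), return that
    extension lower-cased with its dot; otherwise return None."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None                  # moved to another directory, not renamed
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None                  # base name changed, nothing appended
    ext = new_name[len(old_name):]   # keeps the leading dot
    if len(ext) < 2 or "." in ext[1:]:
        return None                  # bare trailing dot or several extensions
    return ext.lower()


def detect_mass_rename(events, threshold=RENAME_THRESHOLD):
    """events: iterable of (pid, old_path, new_path).
    Returns one alert dict per (pid, extension) pair whose count reaches the
    threshold, highest count first."""
    per_key = Counter()              # (pid, ext) -> renamed-file count
    dirs = defaultdict(set)          # (pid, ext) -> directories touched
    for pid, old, new in events:
        ext = appended_extension(old, new)
        if ext is None:
            continue
        per_key[(pid, ext)] += 1
        dirs[(pid, ext)].add(ntpath.dirname(new).lower())
    alerts = [
        {"pid": pid, "extension": ext, "files": n,
         "directories": len(dirs[(pid, ext)])}
        for (pid, ext), n in per_key.items() if n >= threshold
    ]
    return sorted(alerts, key=lambda a: -a["files"])


# Constructed sample log (not taken from the report): PID 4328 appends ".tmp"
# to files under Program Files and the Recycle Bin; PID 1234 performs a few
# ordinary renames, two backup-style ones, and one move.
SAMPLE_EVENTS = [
    (4328,
     r"C:\Program Files\Vendor\data%03d.log" % i,
     r"C:\Program Files\Vendor\data%03d.log.tmp" % i)
    for i in range(60)
] + [
    (4328,
     r"C:\$Recycle.Bin\S-1-5-21-1-2-3-1000\desktop.ini",
     r"C:\$Recycle.Bin\S-1-5-21-1-2-3-1000\desktop.ini.tmp"),
    (1234, r"C:\Users\Admin\Documents\report.txt",
           r"C:\Users\Admin\Documents\report_final.txt"),
    (1234, r"C:\Users\Admin\Documents\budget.xlsx",
           r"C:\Users\Admin\Documents\budget.xlsx.bak"),
    (1234, r"C:\Users\Admin\Documents\notes.docx",
           r"C:\Users\Admin\Documents\notes.docx.bak"),
    (1234, r"C:\Users\Admin\Downloads\setup.exe",
           r"C:\Users\Admin\Desktop\setup.exe"),
]


if __name__ == "__main__":
    for alert in detect_mass_rename(SAMPLE_EVENTS):
        print(alert)
```

Counting per (process, extension) rather than per process alone keeps the two `.bak` backups from PID 1234 from adding to anything, and the directory count in each alert gives a quick sense of spread: a process appending one extension across many directories is a much stronger ransomware indicator than one doing so inside a single build folder.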

Processes

  • C:\Users\Admin\AppData\Local\Temp\00ee5bd2e97680a78a39f21169109e5b26f93e2f6504e5682c6308bef1556110.exe
    "C:\Users\Admin\AppData\Local\Temp\00ee5bd2e97680a78a39f21169109e5b26f93e2f6504e5682c6308bef1556110.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4328

Network

        MITRE ATT&CK Enterprise v16


        Downloads (dropped files and memory dump)

        • C:\$Recycle.Bin\S-1-5-21-343936533-1262634978-1863872812-1000\desktop.ini.tmp

          Filesize

          17KB

          MD5

          d55d94d782aab5c3f32a0fa7fc247a60

          SHA1

          20e5365f37a953e0ea6a1bafca30386fee1f7f8d

          SHA256

          0ca36b84a56479cf7ed504052a225e4509b0fdca8873f6add1fb150275846eef

          SHA512

          75b1a162d84baccad642a1f2d1b95c9d9916eab5a8f5455921e72453d9465b6f99a6e5e070c85ef097fcdfc94006d5641833f62b0e0e018c9dd1b0570a094d42

        • C:\f21fae8705b262c53286e8\2010_x86.log.html.tmp

          Filesize

          98KB

          MD5

          9023f7bf100e5b44013eec3c53a56afc

          SHA1

          df7fed39934e581ec3396619e7a72adc9477b24d

          SHA256

          845ba42a4a6a93206968631dd5392e367e8007e0a79688afc805d82d6cd3b0db

          SHA512

          76ebf35443bd8aeb608e67d01aa2ffd983d3d7550ec32d30674441385c3af3afff74173d003dc3b165e76b251cfc5919fca720c8f18eef4d844282f1fef1faf6

        • memory/4328-797-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB
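The hashes in the General and Downloads sections are the report's file-level indicators. As an added example (not a tool from the report), the Python below hashes every file under a directory in chunks and flags any whose MD5, SHA-1 or SHA-256 appears in that indicator set; `demo()` builds a constructed temporary directory with one benign file and one stand-in file whose own digest is added to the set so that the scan has something to hit.

```python
"""Hunt a directory tree for files matching the report's hashes.
Added example; the indicator values below are copied from the report."""
import hashlib
import io
import os
import tempfile

# Sample executable, desktop.ini.tmp and 2010_x86.log.html.tmp, per the report.
REPORT_IOCS = {
    "md5": {
        "33e1be58da700cb193b644fa019aac00",
        "d55d94d782aab5c3f32a0fa7fc247a60",
        "9023f7bf100e5b44013eec3c53a56afc",
    },
    "sha1": {
        "c665321d216e27696516dcd067366a3ad49bd746",
        "20e5365f37a953e0ea6a1bafca30386fee1f7f8d",
        "df7fed39934e581ec3396619e7a72adc9477b24d",
    },
    "sha256": {
        "00ee5bd2e97680a78a39f21169109e5b26f93e2f6504e5682c6308bef1556110",
        "0ca36b84a56479cf7ed504052a225e4509b0fdca8873f6add1fb150275846eef",
        "845ba42a4a6a93206968631dd5392e367e8007e0a79688afc805d82d6cd3b0db",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_stream(stream, algorithms=ALGORITHMS, chunk=1 << 20):
    """Read stream once in 1 MiB chunks, feeding every hasher in parallel."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    for block in iter(lambda: stream.read(chunk), b""):
        for h in hashers.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def hash_bytes(data, algorithms=ALGORITHMS):
    return hash_stream(io.BytesIO(data), algorithms)


def hash_file(path, algorithms=ALGORITHMS):
    with open(path, "rb") as f:
        return hash_stream(f, algorithms)


def scan_tree(root, iocs=REPORT_IOCS):
    """Return (path, matched_algorithms, sha256) for every file under root
    whose digest appears in iocs. Unreadable files are skipped, not fatal."""
    matches = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue
            hits = [a for a, d in digests.items() if d in iocs.get(a, ())]
            if hits:
                matches.append((path, hits, digests["sha256"]))
    return matches


def demo():
    """Constructed directory: one benign file, one planted stand-in whose
    SHA-256 is added to a copy of the indicator set."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = os.path.join(tmp, "readme.txt")
        with open(benign, "wb") as f:
            f.write(b"constructed benign content\n")
        planted = os.path.join(tmp, "sub", "dropped.tmp")
        os.makedirs(os.path.dirname(planted))
        with open(planted, "wb") as f:
            f.write(b"constructed stand-in for a dropped file\n")
        iocs = {a: set(s) for a, s in REPORT_IOCS.items()}
        iocs["sha256"].add(hash_file(planted)["sha256"])
        return scan_tree(tmp, iocs)


if __name__ == "__main__":
    for path, hits, sha256 in demo():
        print(path, hits, sha256)
```

Hashing all three algorithms in a single pass costs one read per file rather than three, which matters when sweeping user profiles after an incident; matching on any one of them rather than requiring all three also catches cases where only one hash type was shared in an indicator feed.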