Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/05/2025, 13:33

General

  • Target

    f55610b9430d867482523986c04d0dd9bf2bf50380f7b5bfec0f8cb36148594e.exe

  • Size

    23KB

  • MD5

    41c83c3c96bce5bd5674bf8dc87801a5

  • SHA1

    e2f93adf9588cae0c26c4bff7c54a6f90d6fced0

  • SHA256

    f55610b9430d867482523986c04d0dd9bf2bf50380f7b5bfec0f8cb36148594e

  • SHA512

    7983b0693babc2df3feeb2ab10864307924292306c7305aca7ae577246c1030a247c409705a1d4d3870cc63ca2ef43c07ad20c6933826d5abc48ccc8da060b69

  • SSDEEP

    384:gBt7Br5xjL9AgA71FbhvP/KWLsqmFae+rOAqmFae+rOiOZ2OZAAHAvJOaAHAvJOJ:s7BlpppARFbhdLz8ae+rOn8ae+rO/HAg

Score
9/10

Malware Config

Signatures

  • Renames multiple (5192) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f55610b9430d867482523986c04d0dd9bf2bf50380f7b5bfec0f8cb36148594e.exe
    "C:\Users\Admin\AppData\Local\Temp\f55610b9430d867482523986c04d0dd9bf2bf50380f7b5bfec0f8cb36148594e.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1004

Network

        MITRE ATT&CK Enterprise v16

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-186956858-2143653872-2609589082-1000\desktop.ini.tmp

          Filesize

          23KB

          MD5

          d52c78c45c3679bd9bdcf664ca2bb7cd

          SHA1

          0dc0a625c91a54e2b60ee4390929b28ef85d80c7

          SHA256

          ce59a2ff7cea8b1c6cb43a091c3f2892384c541c420134815b53584ad888e3c2

          SHA512

          a0ee1c724c331c4e593de780b22a7ba94f4cda209a08177679c8f2365ffbcc08bd2aead2388fa125404d39ae5e029e65525e03b2b8f97e666952a15784c07eb7

        • C:\d962f70874f5d4bfc1c6\2010_x64.log.html.tmp

          Filesize

          108KB

          MD5

          45dd6e9cfd00465f4e2941aeb8bfa979

          SHA1

          3c4ed60017b5cc2650f432c7b436aee4d3c44e13

          SHA256

          715a37c7b9a19920a20574c0df96a706e1f623f4669f06da0418858242497c9a

          SHA512

          1d0181d3014adf51a2c496d96e48edcb27861808dfafa84676f4095c5c866a003d2745c02f54004048e753211fe0a62c3fdd3ad894bee149fc4c043004519ee8