Analysis Overview
SHA256
f55610b9430d867482523986c04d0dd9bf2bf50380f7b5bfec0f8cb36148594e
Threat Level: Likely malicious
The file f55610b9430d867482523986c04d0dd9bf2bf50380f7b5bfec0f8cb36148594e was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (5192) files with added filename extension
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-15 13:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-15 13:33
Reported
2025-05-15 13:36
Platform
win10v2004-20250502-en
Max time kernel
149s
Max time network
137s
Command Line
Signatures
Renames multiple (5192) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f55610b9430d867482523986c04d0dd9bf2bf50380f7b5bfec0f8cb36148594e.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f55610b9430d867482523986c04d0dd9bf2bf50380f7b5bfec0f8cb36148594e.exe
"C:\Users\Admin\AppData\Local\Temp\f55610b9430d867482523986c04d0dd9bf2bf50380f7b5bfec0f8cb36148594e.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| DK | 2.19.173.8:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.251.37.35:80 | c.pki.goog | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-186956858-2143653872-2609589082-1000\desktop.ini.tmp
| Hash | Value |
|---|---|
| MD5 | d52c78c45c3679bd9bdcf664ca2bb7cd |
| SHA1 | 0dc0a625c91a54e2b60ee4390929b28ef85d80c7 |
| SHA256 | ce59a2ff7cea8b1c6cb43a091c3f2892384c541c420134815b53584ad888e3c2 |
| SHA512 | a0ee1c724c331c4e593de780b22a7ba94f4cda209a08177679c8f2365ffbcc08bd2aead2388fa125404d39ae5e029e65525e03b2b8f97e666952a15784c07eb7 |
C:\d962f70874f5d4bfc1c6\2010_x64.log.html.tmp
| Hash | Value |
|---|---|
| MD5 | 45dd6e9cfd00465f4e2941aeb8bfa979 |
| SHA1 | 3c4ed60017b5cc2650f432c7b436aee4d3c44e13 |
| SHA256 | 715a37c7b9a19920a20574c0df96a706e1f623f4669f06da0418858242497c9a |
| SHA512 | 1d0181d3014adf51a2c496d96e48edcb27861808dfafa84676f4095c5c866a003d2745c02f54004048e753211fe0a62c3fdd3ad894bee149fc4c043004519ee8 |