Analysis

  • max time kernel
    150s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250502-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/05/2025, 09:56

General

  • Target

    7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe

  • Size

    6.4MB

  • MD5

    24a1e4aa7392fae234e8b506018186e8

  • SHA1

    3d552f7f4c85a044e2f15520a744596557572d40

  • SHA256

    7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81

  • SHA512

    b2e50c9be3569ddc7c1fd88c48a8ae89c47004022ed20f04baac9761089be86de0d4571a36785eefd2959fd05d9a0b566571572176cc34466fa3db3e62078e17

  • SSDEEP

    98304:hfvhjurdSGgHjhDnWH5YgrMvglnLHenTKTkWwfku:hf143MtnOCg4IpLHeeTnwfku

Score
9/10

Malware Config

Signatures

  • Renames multiple (412) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe
    "C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2100

Network

        MITRE ATT&CK Enterprise v16

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3299287909-2279959458-198972791-1000\desktop.ini.tmp

          Filesize

          6.4MB

          MD5

          e7c646469be049e3203f1f581384fa39

          SHA1

          86e666138e12374dcb286e5e81540c3eadb9c644

          SHA256

          4abb1abef9843871a13cbe41d2e618bb6d4c244e2c10460a243a470c92a6c3a1

          SHA512

          dd64ecd1cc91cb973d9ac5881fc975efa67030ac98a49140db68b33476c3768ccb62267fd48e0ed9bbb587fcec69772ff4a10fe57d90208dac52eee4c23cb61a

        • C:\8e056885788215100b95f8050bba49\2010_x64.log.html.tmp

          Filesize

          6.4MB

          MD5

          604bc25d7a58da5b495538b9fd192de6

          SHA1

          76ec7613e9a11359be96fe0b0fb17149d00cdbb6

          SHA256

          eb1a648e9f2c8e2903031906026f86cf7abaa17e2a221ad29e9c455599dcb798

          SHA512

          e60a8f7edd6e4abbf79a9bdb5f2e46a951ddea4d4034854a747ab6df2bf4910b8db58711720923b1f6b7ea6be1cfae15fe5cc9ff026ace524b274e85bd75d3f4

        • memory/2100-103-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB