Analysis

  • max time kernel: 150s
  • max time network: 102s
  • platform: windows11-21h2_x64
  • resource: win11-20250502-en
  • resource tags: arch:x64, arch:x86, image:win11-20250502-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 18/05/2025, 09:56

General

  • Target: 7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe
  • Size: 6.4MB
  • MD5: 24a1e4aa7392fae234e8b506018186e8
  • SHA1: 3d552f7f4c85a044e2f15520a744596557572d40
  • SHA256: 7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81
  • SHA512: b2e50c9be3569ddc7c1fd88c48a8ae89c47004022ed20f04baac9761089be86de0d4571a36785eefd2959fd05d9a0b566571572176cc34466fa3db3e62078e17
  • SSDEEP: 98304:hfvhjurdSGgHjhDnWH5YgrMvglnLHenTKTkWwfku:hf143MtnOCg4IpLHeeTnwfku

Score
9/10

Malware Config

Signatures

  • Renames multiple (404) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe (process 1, PID 3000)
    Command line: "C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

  MITRE ATT&CK Enterprise v16


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3518521428-3897247806-4080064211-1000\desktop.ini.tmp
    Filesize: 6.4MB
    MD5: 7881c38eb4f5a641b04f6cb4eaa19461
    SHA1: fc4e6fbfa8bdc4a225d2a3375eb24a90fbe326b7
    SHA256: 4aa3c0c30a2f3153301693229f12ab8d36adc5c723f9fe5916ad57059a5d550a
    SHA512: 02b191366eef77fa324f92be199b3969f529d5127147a05544212577c83352741565f5016ef536ae2feecf060e39b4ae784e4816bb495785c5af5bd3c69cae05

  • C:\ef24ccacc0fb7a1128713900cef14716\2010_x64.log.html.tmp
    Filesize: 6.4MB
    MD5: ae2b93c173ba6cc7d8f2127eea5c636f
    SHA1: 710394247eae81a7932e3af1b8fa0acfd5f2b473
    SHA256: 20f720f08134b900596864410260a515d0247c40b25659489afb17f52cfc7a44
    SHA512: a1cd814856c9a6624298fc5dae43dceb73a2a782ec9016e37ea7178d33f3d8b7c2b7febe771c1524e07d896c6ebd7d637b22ee03293828c97377c9ba9a73041d

  • memory/3000-95-0x0000000000400000-0x0000000000407000-memory.dmp
    Filesize: 28KB