Analysis Overview
SHA256
7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81
Threat Level: Likely malicious
The file 7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81 was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (404) files with added filename extension
Renames multiple (412) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-18 09:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2025-05-18 09:56
Reported
2025-05-18 09:59
Platform
win11-20250502-en
Max time kernel
150s
Max time network
102s
Command Line
Signatures
Renames multiple (404) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe
"C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-3518521428-3897247806-4080064211-1000\desktop.ini.tmp
| MD5 | 7881c38eb4f5a641b04f6cb4eaa19461 |
| SHA1 | fc4e6fbfa8bdc4a225d2a3375eb24a90fbe326b7 |
| SHA256 | 4aa3c0c30a2f3153301693229f12ab8d36adc5c723f9fe5916ad57059a5d550a |
| SHA512 | 02b191366eef77fa324f92be199b3969f529d5127147a05544212577c83352741565f5016ef536ae2feecf060e39b4ae784e4816bb495785c5af5bd3c69cae05 |
C:\ef24ccacc0fb7a1128713900cef14716\2010_x64.log.html.tmp
| MD5 | ae2b93c173ba6cc7d8f2127eea5c636f |
| SHA1 | 710394247eae81a7932e3af1b8fa0acfd5f2b473 |
| SHA256 | 20f720f08134b900596864410260a515d0247c40b25659489afb17f52cfc7a44 |
| SHA512 | a1cd814856c9a6624298fc5dae43dceb73a2a782ec9016e37ea7178d33f3d8b7c2b7febe771c1524e07d896c6ebd7d637b22ee03293828c97377c9ba9a73041d |
memory/3000-95-0x0000000000400000-0x0000000000407000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-18 09:56
Reported
2025-05-18 09:59
Platform
win10v2004-20250502-en
Max time kernel
150s
Max time network
139s
Command Line
Signatures
Renames multiple (412) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe
"C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-3299287909-2279959458-198972791-1000\desktop.ini.tmp
| MD5 | e7c646469be049e3203f1f581384fa39 |
| SHA1 | 86e666138e12374dcb286e5e81540c3eadb9c644 |
| SHA256 | 4abb1abef9843871a13cbe41d2e618bb6d4c244e2c10460a243a470c92a6c3a1 |
| SHA512 | dd64ecd1cc91cb973d9ac5881fc975efa67030ac98a49140db68b33476c3768ccb62267fd48e0ed9bbb587fcec69772ff4a10fe57d90208dac52eee4c23cb61a |
C:\8e056885788215100b95f8050bba49\2010_x64.log.html.tmp
| MD5 | 604bc25d7a58da5b495538b9fd192de6 |
| SHA1 | 76ec7613e9a11359be96fe0b0fb17149d00cdbb6 |
| SHA256 | eb1a648e9f2c8e2903031906026f86cf7abaa17e2a221ad29e9c455599dcb798 |
| SHA512 | e60a8f7edd6e4abbf79a9bdb5f2e46a951ddea4d4034854a747ab6df2bf4910b8db58711720923b1f6b7ea6be1cfae15fe5cc9ff026ace524b274e85bd75d3f4 |
memory/2100-103-0x0000000000400000-0x0000000000407000-memory.dmp