Analysis

  • max time kernel
    150s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250502-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/05/2025, 09:56

General

  • Target

    c02f9f14ff3044ba255b9d1877dba3340d954261b08a8bf48687149a1ce6bb66.exe

  • Size

    14.7MB

  • MD5

    d29172fa28640166d02d335a08dc7702

  • SHA1

    2761fe3daed92a49b1ad976b3f3f7eec47eeb462

  • SHA256

    c02f9f14ff3044ba255b9d1877dba3340d954261b08a8bf48687149a1ce6bb66

  • SHA512

    0cba64c515b2a448516f95ee029c5fc734fbfe74b51e364d5483e95d6901be3c7647fef725b5a7d6e22f79b9e735340cb0684dfaf4e8cdcda72b1fd950bb7dad

  • SSDEEP

    393216:hv+pwy3Hq7y3yrdwPEjUC4WaB4g3gMVnbM:h+3SwPEjUb4g3gMVQ

Score
9/10

Malware Config

Signatures

  • Renames multiple (223) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c02f9f14ff3044ba255b9d1877dba3340d954261b08a8bf48687149a1ce6bb66.exe
    "C:\Users\Admin\AppData\Local\Temp\c02f9f14ff3044ba255b9d1877dba3340d954261b08a8bf48687149a1ce6bb66.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5280

Network

        MITRE ATT&CK Enterprise v16

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3674642747-2260306818-3009887879-1000\desktop.ini.tmp

          Filesize

          14.7MB

          MD5

          76936e288c0c15c07d40fad7b659aa33

          SHA1

          21b13889850862238a05b04c75b768d558efc530

          SHA256

          aa0f7b4a20f701666b9042c9b7f78f33635fb837c7a24a966b863891327945f5

          SHA512

          9fffe9e237ca1316a09fdf9d93ecff6c15f3cf81057987403ce42a462003f64edc5f771c1d7bcbf2ecb4a247d16064498b68a2fb18e0f579a943330980d0f94e

        • C:\967f022c4c136664abfad56c1fb73a\2010_x86.log.html.tmp

          Filesize

          14.7MB

          MD5

          aec846fa971d15d5c247840edcc27699

          SHA1

          8a730aef730767406f9d09a49eb3830211b7064e

          SHA256

          69d67efb54e4b239fa9291569ee92df24deb147e572b50ab24d3d7a8410a7ec2

          SHA512

          cd1a7a52c5c3ab7e421933cfd4e7666d37b2fb96001c957fb7fb690c46a305c138b3a5f9555487313d2af3bc4622445743560decee4c6ce75c9c08a65d469274

        • memory/5280-43-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB