Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/05/2025, 09:57

General

  • Target

    2db302b332c82e45bb493ba1eb081041da9ec60c861ec82c65d6f5177d13b9d7.exe

  • Size

    17KB

  • MD5

    81fc313583ccf1af2e200d929f8296ac

  • SHA1

    367ebe8c9279cfe7ff9bcfcfb79abe2a84ab5aac

  • SHA256

    2db302b332c82e45bb493ba1eb081041da9ec60c861ec82c65d6f5177d13b9d7

  • SHA512

    628bb9220a1aececfeae1173e0efdf9e6eb21e5304f0a40492c3339c11b70c403376a368189ccf4a71ed0d3600c7ccc196531b2c2bb3cf92bd33187b35d1534c

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOYE/AE/t:uZ4FLz8ae+rOn8ae+rOl

Score
9/10

Malware Config

Signatures

  • Renames multiple (5271) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2db302b332c82e45bb493ba1eb081041da9ec60c861ec82c65d6f5177d13b9d7.exe
    "C:\Users\Admin\AppData\Local\Temp\2db302b332c82e45bb493ba1eb081041da9ec60c861ec82c65d6f5177d13b9d7.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 776

Network

        MITRE ATT&CK Enterprise v16

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3623617754-4043701611-775564599-1000\desktop.ini.tmp

          Filesize

          18KB

          MD5

          0ad4e6dedfa4fdf422aa32c39c4821af

          SHA1

          93353562cbee60b923866eaed0a03e80ad4e3cc6

          SHA256

          6fa1addf447375183389a91baf68ae36838edad7ec5d475e0374e394762307ee

          SHA512

          71c650d5d36fe38a981625627b903b31b266fdc2150d7683cffaa9de26d17a25ba9bb50676979f02c1fdbf2a01e5dc1036cb23ac48e0d08d6e775b62fa663438

        • C:\b96a7bef2438b67e1aee\2010_x86.log.html.tmp

          Filesize

          98KB

          MD5

          583a869619635e2000809c73ef801ae3

          SHA1

          2ee6ab12fd8cc0bd5a9d9eaca2db039e83ad9e95

          SHA256

          82e5adeeeaff025ee0349d0fc6a8d50b871148e9261ec21b3022bb0df621bf1d

          SHA512

          b2491fae3690d6865022919b0e951c52e41b1c67af69df31c7614c398ad8a7b5e2bf4ebbbd792e0a2f1b4d32635576aabde713a72fc68abfbda121119521a5e0

        • memory/776-799-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB