Analysis

  • max time kernel
    150s
  • max time network
    104s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250502-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    18/05/2025, 11:54

General

  • Target

    849f71ce804616187c30f66bc1a37df7a2f66e0ab1c24eec3b9d16b40bb17d50.exe

  • Size

    17KB

  • MD5

    037aa02e443a62f5c5f084ebe33db79a

  • SHA1

    c0c1411baa5212931f514fdcf257caa4775b6474

  • SHA256

    849f71ce804616187c30f66bc1a37df7a2f66e0ab1c24eec3b9d16b40bb17d50

  • SHA512

    217336f94abb6e6ef2b3f4907b743aafbe3d65816066cad0f49aa66299c7b536433b34e6b011df0ee767e7bbb5755765d597ce73c9fb53a0f53f57e68462c7ad

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOAL2LK:uZ4FLz8ae+rOn8ae+rOM

Score
9/10

Malware Config

Signatures

  • Renames multiple (5359) files with added filename extension

    Renaming thousands of files to add a new extension is characteristic of ransomware encrypting the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
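The first signature above is what a detection engineer would want to reproduce from their own telemetry: one process renaming many files by appending an extension in a short span. The dropped-file names in this report show the pattern (a `.tmp` suffix added to the original name, as in `desktop.ini.tmp`). The following is an added example, not part of the sandbox report or of the sample's own code; it runs over a constructed list of rename events, and the PID 4500 and `.tmp` suffix are chosen to mirror the report's process tree and dropped-file names rather than taken from actual telemetry.

```python
"""Flag mass file renames that append an extension, the behaviour behind the
sandbox signature "Renames multiple files with added filename extension".
Added example with constructed events; nothing here is from the sample."""
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import Optional

# Constructed rename events as (pid, old_path, new_path). PID 4500 and the
# ".tmp" suffix mirror the report; the PID 1234 rows are benign noise.
SAMPLE_EVENTS = [
    (4500, r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.tmp"),
    (4500, r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.tmp"),
    (4500, r"C:\Program Files\App\readme.txt", r"C:\Program Files\App\readme.txt.tmp"),
    (4500, r"C:\Users\Admin\Music\song.mp3", r"C:\Users\Admin\Music\song.mp3.tmp"),
    # Ordinary rename: name changes but no extension is appended.
    (1234, r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Downloads\setup_old.exe"),
    # A single appended-extension rename: legitimate backup, below threshold.
    (1234, r"C:\Temp\a.log", r"C:\Temp\a.log.bak"),
]


def added_extension(old_path: str, new_path: str) -> Optional[str]:
    """Return the suffix appended to old_path's file name when new_path is
    old_path plus exactly one extra ".ext", otherwise None.

    A move to another directory or a rename that alters the base name is
    not an "added extension" and is ignored."""
    old, new = PureWindowsPath(old_path), PureWindowsPath(new_path)
    if old.parent != new.parent:
        return None
    if new.name == old.name or not new.name.startswith(old.name):
        return None
    extra = new.name[len(old.name):]
    # Exactly one non-empty ".ext" chunk with no further dots inside it.
    if extra.startswith(".") and len(extra) > 1 and "." not in extra[1:]:
        return extra
    return None


def find_mass_renamers(events, threshold: int = 3):
    """Count appended-extension renames per (pid, suffix) and return the
    pairs at or above threshold. threshold=3 is an illustrative value; tune
    it against the rename volume normal for the host population."""
    counts = defaultdict(int)
    for pid, old_path, new_path in events:
        ext = added_extension(old_path, new_path)
        if ext is not None:
            counts[(pid, ext.lower())] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (pid, ext), n in find_mass_renamers(SAMPLE_EVENTS).items():
        print(f"PID {pid} renamed {n} files adding '{ext}'")
```

On real telemetry the events would come from a file-rename source such as Sysmon or EDR file events; grouping by the appended suffix as well as the PID keeps a backup tool that appends `.bak` to a handful of files from colliding with a process that appends one suffix to thousands.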

Processes

  • C:\Users\Admin\AppData\Local\Temp\849f71ce804616187c30f66bc1a37df7a2f66e0ab1c24eec3b9d16b40bb17d50.exe
    "C:\Users\Admin\AppData\Local\Temp\849f71ce804616187c30f66bc1a37df7a2f66e0ab1c24eec3b9d16b40bb17d50.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4500

Network

        MITRE ATT&CK Enterprise v16

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1454956602-4007834095-2135319884-1000\desktop.ini.tmp

          Filesize

          17KB

          MD5

          45269a224a5304ec76bae414734cc041

          SHA1

          c5808540b1ad26b1314dab905ea14ff1e1e5e92b

          SHA256

          fc196e80052d482ba22397bdee296f098e2e7a9609b113f795e5693e5f02f304

          SHA512

          219049b3c09b9a2cfde716d39341a64a04945c32dd123512203aa79312deae2a5658b2ccf7936b61ecbe3faae7fbd549d94ac18f0fc4d99c348121509916293f

        • C:\d556e8f40e1fe2150ce3c75a1b83\2010_x86.log.html.tmp

          Filesize

          98KB

          MD5

          2c30349cc295196f82a7f6e9a738f97a

          SHA1

          3a894486f84d8c7a5f274af48051db6fc3daa3da

          SHA256

          d2e4fc7e0c324cef3e7966ee20dcfde98866ac841b10ec42d0c049bf808bb697

          SHA512

          c0305fdaffb12193bf01491d40062c36087fde6967ed7cf103a2dd5e04271937e8541bef01459515dad23ea0fc51676a10d2450183cb621fdc6d9e1077d091ca

        • memory/4500-1101-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB