Analysis

  • max time kernel
    149s
  • max time network
    105s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250502-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    18/05/2025, 11:53

General

  • Target

    02bf857ff75d7e43dfaa752c8bcb419521179a05288e9f483d63010d76d2c65e.exe

  • Size

    21KB

  • MD5

    0777808533ae8cb9f6b30dbdb6ef8e9a

  • SHA1

    ebe27a4ca7ecd3c50f797fbd550acb5afb48453c

  • SHA256

    02bf857ff75d7e43dfaa752c8bcb419521179a05288e9f483d63010d76d2c65e

  • SHA512

    f09431788e294b25896fa572a60368bf6a3d44e770669371c6207aa6594feb944a7f015c5dab637d8f23d0f7c6af2d00b9d973460be3d6a0f5055db687d16f0e

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOAL2Lvhm:uZ4FLz8ae+rOn8ae+rOZhm

Score
9/10

Malware Config

Signatures

  • Renames multiple (5364) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\02bf857ff75d7e43dfaa752c8bcb419521179a05288e9f483d63010d76d2c65e.exe
    "C:\Users\Admin\AppData\Local\Temp\02bf857ff75d7e43dfaa752c8bcb419521179a05288e9f483d63010d76d2c65e.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5280

Network

MITRE ATT&CK Enterprise v16

Downloads

        • C:\$Recycle.Bin\S-1-5-21-1178639776-3244803473-3821071008-1000\desktop.ini.tmp

          Filesize

          22KB

          MD5

          b972794b13da008eec7f125a12b1dc9c

          SHA1

          0cdd373ffa841ef21554acd4a57d14c5e18d91fb

          SHA256

          164d36309b8a84435d77265f032a9353e26e2f7c2718a3f7f3a07017ea77c7a2

          SHA512

          00d62b051e67b1306411273f1bdd12424a7470087a92cb6197292a68398637f55afb2b28b26792467e2cef83b38bb373f7c05a36c30a3ce2a0584865ec966f21

        • C:\f8efe770fb160c3e4e\2010_x86.log.html.tmp

          Filesize

          102KB

          MD5

          fca47c1cc1fe36606b02442bc3f7b985

          SHA1

          b57f7a72a22173418162f7a7b11ec0b342d006a7

          SHA256

          1ef97470f73d4ae6ddbdd951848abcc04a67a4e0b897884dc11ea40e906fbcbd

          SHA512

          1f6c70976bb5d0b93685094d423971eb903a41ef75ddd61a195fd856b5018e6a3320f3d9808084eda1cd01a6a4f2b52b019f9aa46bb3b6d786cce0211b13d706

        • memory/5280-1233-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB