Analysis

  • max time kernel
    150s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/05/2025, 11:58

General

  • Target

    849f71ce804616187c30f66bc1a37df7a2f66e0ab1c24eec3b9d16b40bb17d50.exe

  • Size

    17KB

  • MD5

    037aa02e443a62f5c5f084ebe33db79a

  • SHA1

    c0c1411baa5212931f514fdcf257caa4775b6474

  • SHA256

    849f71ce804616187c30f66bc1a37df7a2f66e0ab1c24eec3b9d16b40bb17d50

  • SHA512

    217336f94abb6e6ef2b3f4907b743aafbe3d65816066cad0f49aa66299c7b536433b34e6b011df0ee767e7bbb5755765d597ce73c9fb53a0f53f57e68462c7ad

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOAL2LK:uZ4FLz8ae+rOn8ae+rOM

Score
9/10

Malware Config

Signatures

  • Renames multiple (5302) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed in place with a new extension appended.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
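The "renames multiple files with added filename extension" signature is the behaviour a practitioner would most want to reproduce in their own detection logic. The block below is an added example, not the sandbox's own signature code: it scans file-rename events and flags any process that appends a new extension to a large number of files in place. The event format, the threshold of 50, the constructed sample events and the placeholder `.locked` extension are all assumptions; the report does not name the extension this sample uses.

```python
"""Added example: flag mass 'rename with added filename extension' activity,
the behaviour behind the ransomware signature in this report. This is not the
sandbox's own signature logic; the event format, the threshold and the sample
events are assumptions made for the example."""
import ntpath
from collections import Counter

# Assumed threshold. The report counted 5302 renames; 50 is a constructed
# value low enough to exercise the logic on the sample data.
RENAME_THRESHOLD = 50

# Constructed sample events: (pid, old_path, new_path). The ".locked"
# extension is a placeholder; the report does not name the real one.
SAMPLE_EVENTS = [
    (3712, rf"C:\Users\Admin\Documents\doc{i}.docx",
           rf"C:\Users\Admin\Documents\doc{i}.docx.locked")
    for i in range(60)
] + [
    # Extension replaced rather than appended: not a match.
    (1234, r"C:\Users\Admin\Downloads\report.tmp",
           r"C:\Users\Admin\Downloads\report.docx"),
    # Moved to another directory: not an in-place rename.
    (1234, r"C:\Users\Admin\Downloads\a.txt",
           r"C:\Users\Admin\Desktop\a.txt.bak"),
    # Appended extension, but only two events: below threshold.
    (5678, r"C:\Temp\x.log", r"C:\Temp\x.log.1"),
    (5678, r"C:\Temp\y.log", r"C:\Temp\y.log.1"),
]


def added_extension(old_path, new_path):
    """Return the appended extension when new_path is old_path with exactly
    one extra '.ext' appended in the same directory; otherwise None."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if ntpath.normcase(old_dir) != ntpath.normcase(new_dir):
        return None
    prefix = old_name + "."
    if not new_name.lower().startswith(prefix.lower()):
        return None
    suffix = new_name[len(prefix):]
    # Require a single, non-empty new extension component.
    if not suffix or "." in suffix:
        return None
    return suffix


def analyse_renames(events, threshold=RENAME_THRESHOLD):
    """Group qualifying renames by PID and report processes over threshold."""
    per_pid = {}
    for pid, old_path, new_path in events:
        ext = added_extension(old_path, new_path)
        if ext is None:
            continue
        per_pid.setdefault(pid, Counter())[ext] += 1
    findings = []
    for pid, counts in sorted(per_pid.items()):
        total = sum(counts.values())
        if total < threshold:
            continue
        ext, n = counts.most_common(1)[0]
        findings.append({
            "pid": pid,
            "renames": total,
            "dominant_ext": ext,
            "dominant_share": n / total,
        })
    return findings


if __name__ == "__main__":
    for f in analyse_renames(SAMPLE_EVENTS):
        print(f"PID {f['pid']}: {f['renames']} files renamed, "
              f"{f['dominant_share']:.0%} with '.{f['dominant_ext']}' appended")
```

The same-directory and single-component checks matter: a backup tool that moves files elsewhere, or an installer that swaps `.tmp` for the final extension, should not trip the rule, while a single process appending one dominant extension to many files in place is the pattern this report's 5302-file count reflects.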

Processes

  • C:\Users\Admin\AppData\Local\Temp\849f71ce804616187c30f66bc1a37df7a2f66e0ab1c24eec3b9d16b40bb17d50.exe
    "C:\Users\Admin\AppData\Local\Temp\849f71ce804616187c30f66bc1a37df7a2f66e0ab1c24eec3b9d16b40bb17d50.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3712

Network

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3920234085-916416549-2700794571-1000\desktop.ini.tmp

          Filesize

          17KB

          MD5

          a96c40d1151d78db3bb4362365024400

          SHA1

          0874c3c97140576125a8122e1facc59415e04cad

          SHA256

          26bdc280ea21f1d04e0f7b687399d168a5342e4532b711fc229a24c87b6ee2d2

          SHA512

          1115472fc2a9fe466b04bce11439abc7e6da776839f46168d8b07da711a8d8be23f56ae18a9c8484206ea23774353a0791861b7ebc1c52608a96a9cc2efd00be

        • C:\6eaadd5e1536cd09900c16de307910\2010_x86.log.html.tmp

          Filesize

          98KB

          MD5

          ca882b919db4232c9b62a737a3bee97f

          SHA1

          63e31f1e0f63b609f98281d716e42666ae187f25

          SHA256

          527ea4631d4ce31b4f87c2ab4ce1188fc0718ec4af52a9a8a42a04a1c41bea22

          SHA512

          d1e9edf892bd1859cc3d7965c0ad1e6bb1538f74d4f3fc604042172da8bfc8f8a433abf9119ef253220fce4390a732b827b7c67d1585dedb83a0f27afa58b32a

        • memory/3712-829-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB