Analysis

  • max time kernel
    150s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/05/2025, 12:00

General

  • Target

    4f8fff1eade9ef26fef0881e27fae158da5a8fc2bc6ce0128ba10d6e34780cf8.exe

  • Size

    17KB

  • MD5

    229d7d6c64dffbdf649b205df66ed1fd

  • SHA1

    53f7936d7dc02c59c08136bf29f60dc46e766d92

  • SHA256

    4f8fff1eade9ef26fef0881e27fae158da5a8fc2bc6ce0128ba10d6e34780cf8

  • SHA512

    fb04bb96a7918419fe0f47a5a93d825abbcbc4a597f3b7a302dcb169d5593343713429d75b356cc75bd80bc8ba91d63ffb1a5f180d9029acd4462bc799839f58

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOAL2Lp:uZ4FLz8ae+rOn8ae+rOL

Score
9/10

Malware Config

Signatures

  • Renames multiple (5321) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f8fff1eade9ef26fef0881e27fae158da5a8fc2bc6ce0128ba10d6e34780cf8.exe
    "C:\Users\Admin\AppData\Local\Temp\4f8fff1eade9ef26fef0881e27fae158da5a8fc2bc6ce0128ba10d6e34780cf8.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4344

Network

        MITRE ATT&CK Enterprise v16

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3623617754-4043701611-775564599-1000\desktop.ini.tmp

          Filesize

          17KB

          MD5

          82d4720ff9d97de631e97a5e0e6663cc

          SHA1

          dc1f83ed231b7bfcbca56e2d9e3e88a1b7ab4e66

          SHA256

          a580a45d67be890e1fdaecf1ff7f03c3f172050ac95db46dd6033d693b91460b

          SHA512

          40b9c518780d922556083d8d72e940897346c028be418bb4b4f582b699a7806acc3c478c5cd4b805c6ed19d30814624ac7fe3a5548ddb558b86d449042e6568c

        • C:\b96a7bef2438b67e1aee\2010_x86.log.html.tmp

          Filesize

          98KB

          MD5

          11a263c51dd658b6f6b0c71a77e7b5fb

          SHA1

          e64355f269a0cb66c40d54424ed81f3a9312f6d8

          SHA256

          29db472083d1d46de3b7177b533c1c0339d17baee329d501b4af635954c0cc04

          SHA512

          ede5a4f811ba39dd8ab89518aa7dd60ee9bcc6335fafca773e487a46be44669e694a6f56d74b4f1771c05e4a160c1fa5166b8fdeb0d3ad2f48bd1cb5ac3962ac

        • memory/4344-789-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB