Analysis

  • max time kernel: 150s
  • max time network: 128s
  • platform: windows10-2004_x64
  • resource: win10v2004-20250502-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 19/05/2025, 13:43

General

  • Target: 303b367fdb3ba35a8a2cd2aed88fa7b8d4b17bf838fdb6dd3018c4da820968cf.exe
  • Size: 96KB
  • MD5: 03296de833e1c7fccec81f70dee8b0c9
  • SHA1: f96d5564e007a41dcf2455e356c4f5df17bbc771
  • SHA256: 303b367fdb3ba35a8a2cd2aed88fa7b8d4b17bf838fdb6dd3018c4da820968cf
  • SHA512: 5fe72fbfa31e60c20ea1b26e8a10ad5a3bcb7fe5aa7a4081a7bcbaa152384ab01809fc9d9c49f548a3b7cc9a8571aba5c8bf77d279b13eff30b958ae3e1ea7a5
  • SSDEEP: 1536:s7ZppApdIIyBoLqrNkW1zN0m0lG1tETSA6kRx:spWpsBsqrNkMzN0mx7Sr6kRx

Score: 9/10

Malware Config

Signatures

  • Renames multiple (5019) files with an added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops files in the Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\303b367fdb3ba35a8a2cd2aed88fa7b8d4b17bf838fdb6dd3018c4da820968cf.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\303b367fdb3ba35a8a2cd2aed88fa7b8d4b17bf838fdb6dd3018c4da820968cf.exe"
    PID: 3964
    • Drops files in the Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v16


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3674642747-2260306818-3009887879-1000\desktop.ini.tmp
    Filesize: 96KB
    MD5: a269feba316da1c65df14217bd63fb01
    SHA1: e25a9aa93d3194ef255c76bdf08b6d415a0f8266
    SHA256: 1e5f3c0ff857e487e2559403ce696a2a92e1eaee5f936804d1b6be1f56e3e480
    SHA512: 8462550c65864e17287afe836244fd162118950e2cfe01a86168ed3433a8b45bee964047c79eabc690a9309bdf322fe807876086d2b5606f078da3ce1d6623db

  • C:\967f022c4c136664abfad56c1fb73a\2010_x86.log.html.tmp
    Filesize: 178KB
    MD5: d86e7f905ce6cff01aabf98a40a6b056
    SHA1: 621e23cdd12dad2a2b71d8a60088f06c04b8d35e
    SHA256: cd5a9a3e0cb6eb377671f9ed7b9f960f537eceef8617e1fcc8fd6af89cbbe58e
    SHA512: 74c3ffff33802f0b99ac0394a1504a03a8a9283d53ac3b238324084cac2730f0c16b8bdb1dda68e715e0537ae32169cd92a26e9bf0d98ec42ce7f7806a0be202