Analysis Overview
SHA256
303b367fdb3ba35a8a2cd2aed88fa7b8d4b17bf838fdb6dd3018c4da820968cf
Threat Level: Likely malicious
The file 303b367fdb3ba35a8a2cd2aed88fa7b8d4b17bf838fdb6dd3018c4da820968cf was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (5019) files with added filename extension
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-19 13:43
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
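A check for the static `Unsigned PE` signature above, added here as an example rather than code from the sandbox: the script walks the PE headers and reports whether the Authenticode (security) data directory is populated, which is all "unsigned" means at this level. It builds two constructed header-only PE32 images inline (one without and one with a placeholder WIN_CERTIFICATE) so it runs offline. A populated directory only shows that a signature blob is attached, not that it verifies; a real triage follows up with `signtool verify /pa` or osslsigncode against the actual binary.

```python
"""Check whether a PE carries an Authenticode signature blob.

Added example, not the sandbox's own code. A sandbox's "Unsigned PE"
signature means the security data directory is empty; this walks the
headers to test exactly that, on constructed header-only PE32 images.
"""
import struct
from typing import Optional, Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the Authenticode directory


def security_directory(data: bytes) -> Optional[Tuple[int, int]]:
    """Return (file_offset, size) of the security directory; (0, 0) if empty; None if not a PE.

    Unlike other directories, the security entry's first field is a raw
    file offset, not an RVA, because the signature lives outside any section.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    try:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        coff = e_lfanew + 4
        size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
        opt = coff + 20
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at 92, directories at 96
            nrva_off, dd_off = 92, 96
        elif magic == 0x20B:      # PE32+: NumberOfRvaAndSizes at 108, directories at 112
            nrva_off, dd_off = 108, 112
        else:
            return None
        nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
        entry = opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        if nrva <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_opt:
            return (0, 0)  # directory table too short to hold the security entry
        return struct.unpack_from("<II", data, entry)
    except struct.error:
        return None  # truncated headers


def is_unsigned(data: bytes) -> bool:
    """True when no Authenticode blob is attached (the sandbox's 'Unsigned PE')."""
    dd = security_directory(data)
    if dd is None:
        raise ValueError("not a PE image")
    return dd == (0, 0)


def win_certificate(data: bytes) -> Optional[Tuple[int, int, int]]:
    """Return (wRevision, wCertificateType, dwLength) of the attached WIN_CERTIFICATE, if any.

    A populated directory only proves a blob is attached, not that the
    signature verifies; chain and hash checks need a real verifier.
    """
    dd = security_directory(data)
    if not dd or dd == (0, 0):
        return None
    off, size = dd
    if size < 8 or off + size > len(data):
        return None
    length, rev, ctype = struct.unpack_from("<IHH", data, off)
    return rev, ctype, length


def build_minimal_pe32(with_cert: bool = False) -> bytes:
    """Constructed header-only PE32 (not loadable, enough for directory parsing)."""
    opt_size = 96 + 16 * 8
    headers_len = 64 + 4 + 20 + opt_size                # 312 bytes
    cert = b""
    if with_cert:
        # WIN_CERTIFICATE: dwLength, wRevision 0x0200, wCertificateType 0x0002 (PKCS#7 SignedData);
        # the 8 zero bytes stand in for the PKCS#7 blob and would never verify.
        body = b"\0" * 8
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)    # e_lfanew at 0x3C points past the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    if with_cert:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, headers_len, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    for name, img in (("unsigned", build_minimal_pe32()), ("with-blob", build_minimal_pe32(True))):
        print(name, "unsigned" if is_unsigned(img) else f"cert header {win_certificate(img)}")
```

To apply it to the real sample, read the `.exe` bytes and call `is_unsigned` on them; the header-only images here exist only so the check can be exercised without the malware.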
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-19 13:43
Reported
2025-05-19 13:45
Platform
win10v2004-20250502-en
Max time kernel
150s
Max time network
128s
Command Line
Signatures
Renames multiple (5019) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\303b367fdb3ba35a8a2cd2aed88fa7b8d4b17bf838fdb6dd3018c4da820968cf.exe | N/A |
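The three behavioural signatures above can be re-derived from raw sandbox events with simple rules. The code below is an added example, not the sandbox's rule set, and runs over constructed events whose field names (`kind`, `src`, `dst`, `path`, `key`) are assumptions rather than the sandbox's schema. The rename rule (destination equals source plus an appended suffix) is the usual heuristic for ransomware-style encryption; the threshold of 3 is an illustrative choice, the report's own count being 5019. The `.tmp` names in the Files section are consistent with a write-to-temp-then-rename pattern, but the report does not identify a family and this example does not either.

```python
"""Re-derive a sandbox report's behavioural signatures from raw events.

Added example, not the sandbox's rule set. The event records and their
field names are constructed assumptions, not the sandbox's schema.
"""
from collections import Counter
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

Event = Dict[str, str]

# Constructed sample events (not taken from the report).
EVENTS: List[Event] = [
    {"kind": "file_rename", "src": r"C:\Users\Admin\Documents\q1.xlsx",
     "dst": r"C:\Users\Admin\Documents\q1.xlsx.locked"},
    {"kind": "file_rename", "src": r"C:\Users\Admin\Pictures\photo.jpg",
     "dst": r"C:\Users\Admin\Pictures\photo.jpg.locked"},
    {"kind": "file_rename", "src": r"C:\Users\Admin\Desktop\notes.txt",
     "dst": r"C:\Users\Admin\Desktop\notes.txt.locked"},
    {"kind": "file_rename", "src": r"C:\Users\Admin\Desktop\report.docx",
     "dst": r"C:\Users\Admin\Desktop\report.docx.locked"},
    # Ordinary rename: nothing appended, must not count.
    {"kind": "file_rename", "src": r"C:\Users\Admin\Desktop\draft.txt",
     "dst": r"C:\Users\Admin\Desktop\final.txt"},
    {"kind": "file_write", "path": r"C:\Program Files\Common Files\helper.dll"},
    {"kind": "file_write", "path": r"C:\Users\Admin\AppData\Local\Temp\stage.tmp"},
    {"kind": "reg_open", "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    {"kind": "reg_open", "key": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"},
]

PROGRAM_FILES = {"program files", "program files (x86)"}


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the suffix appended to src to form dst, or None if dst is not src + '.<ext>'."""
    if not dst.lower().startswith(src.lower() + "."):
        return None
    ext = dst[len(src) + 1:]
    return ext or None


def mass_rename(events: List[Event]) -> Tuple[int, Counter]:
    """Count renames that only append an extension and tally the appended extensions."""
    exts: Counter = Counter()
    for ev in events:
        if ev["kind"] != "file_rename":
            continue
        ext = added_extension(ev["src"], ev["dst"])
        if ext is not None:
            exts[ext] += 1
    return sum(exts.values()), exts


def in_program_files(path: str) -> bool:
    """True for a file below C:\\Program Files or C:\\Program Files (x86) on any drive."""
    p = PureWindowsPath(path)
    parts = p.parts
    return p.drive != "" and len(parts) > 2 and parts[1].lower() in PROGRAM_FILES


def dropped_in_program_files(events: List[Event]) -> List[str]:
    return [ev["path"] for ev in events
            if ev["kind"] == "file_write" and in_program_files(ev["path"])]


def language_discovery(events: List[Event]) -> List[str]:
    """Opens of the NLS\\Language key, the indicator the report lists for language discovery."""
    return [ev["key"] for ev in events
            if ev["kind"] == "reg_open" and ev["key"].lower().endswith(r"\control\nls\language")]


def signatures(events: List[Event], min_renames: int = 3) -> List[str]:
    """Emit signature names in the report's wording; min_renames is an illustrative threshold."""
    hits = []
    n, _ = mass_rename(events)
    if n >= min_renames:
        hits.append(f"Renames multiple ({n}) files with added filename extension")
    if dropped_in_program_files(events):
        hits.append("Drops file in Program Files directory")
    if language_discovery(events):
        hits.append("System Location Discovery: System Language Discovery")
    return hits


if __name__ == "__main__":
    for hit in signatures(EVENTS):
        print(hit)
    print("appended extensions:", dict(mass_rename(EVENTS)[1]))
```

The extension tally is the useful by-product: a single dominant appended extension across thousands of renames is what distinguishes encryption-in-place from an installer or an archiver that also touches many files.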
Processes
C:\Users\Admin\AppData\Local\Temp\303b367fdb3ba35a8a2cd2aed88fa7b8d4b17bf838fdb6dd3018c4da820968cf.exe
"C:\Users\Admin\AppData\Local\Temp\303b367fdb3ba35a8a2cd2aed88fa7b8d4b17bf838fdb6dd3018c4da820968cf.exe"
Network
Every destination below is a Microsoft host (bing.com, tse1.mm.bing.net) or Google's certificate-status endpoint (c.pki.goog), which is routine Windows 10 background traffic in a detonation VM; the table does not attribute any connection to the sample's process, so none of these rows should be read as command-and-control infrastructure without further evidence.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| FR | 23.192.237.220:443 | www.bing.com | tcp |
| FR | 23.192.237.220:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-3674642747-2260306818-3009887879-1000\desktop.ini.tmp
| MD5 | a269feba316da1c65df14217bd63fb01 |
| SHA1 | e25a9aa93d3194ef255c76bdf08b6d415a0f8266 |
| SHA256 | 1e5f3c0ff857e487e2559403ce696a2a92e1eaee5f936804d1b6be1f56e3e480 |
| SHA512 | 8462550c65864e17287afe836244fd162118950e2cfe01a86168ed3433a8b45bee964047c79eabc690a9309bdf322fe807876086d2b5606f078da3ce1d6623db |
C:\967f022c4c136664abfad56c1fb73a\2010_x86.log.html.tmp
| MD5 | d86e7f905ce6cff01aabf98a40a6b056 |
| SHA1 | 621e23cdd12dad2a2b71d8a60088f06c04b8d35e |
| SHA256 | cd5a9a3e0cb6eb377671f9ed7b9f960f537eceef8617e1fcc8fd6af89cbbe58e |
| SHA512 | 74c3ffff33802f0b99ac0394a1504a03a8a9283d53ac3b238324084cac2730f0c16b8bdb1dda68e715e0537ae32169cd92a26e9bf0d98ec42ce7f7806a0be202 |