Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/05/2025, 13:43

General

  • Target

    916edef5cef40769a13f20d45239482b28284743d57d59424658981123999a57.exe

  • Size

    25KB

  • MD5

    b43a1304ea82a647a48e2a7513367eff

  • SHA1

    1f64eec63436062c03354065f526055988ebf5cd

  • SHA256

    916edef5cef40769a13f20d45239482b28284743d57d59424658981123999a57

  • SHA512

    c4fe5a75eff0c2243dbd45d215ce0f9845bf43a906627f7f9e71f5c1b5d085f692f7323995a965a21beab8e45b7ab7315c66384f4323dd3580af30dd1a20cf6d

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rO3IW+E:s7ZppApdIIL

Score
9/10

Malware Config

Signatures

  • Renames multiple (5287) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\916edef5cef40769a13f20d45239482b28284743d57d59424658981123999a57.exe
    "C:\Users\Admin\AppData\Local\Temp\916edef5cef40769a13f20d45239482b28284743d57d59424658981123999a57.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3584

Network

        MITRE ATT&CK Enterprise v16


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3690492401-2005096563-3427069815-1000\desktop.ini.tmp

          Filesize

          25KB

          MD5

          d74608d0f579cceaf8c439f965ad1b57

          SHA1

          a33d6e8bd73c5569908502dda21a00fe556775e7

          SHA256

          9a72bc5343f8b7349f789993dd48e234c44516320468edcdfc21b2afca7b91ac

          SHA512

          46b4670aef89a4dc04467a6a187f2d11af75b917660c826706a21d0450f70bd7f88910b9ccb9427699ad3a7093df4a78a5e64e7304b0f9041db9796d853cf817

        • C:\f32c6debfbe15d219b06a854\2010_x64.log.html.tmp

          Filesize

          111KB

          MD5

          1c2392ee2d85b66e44f7af9e75d77073

          SHA1

          2cce72b3aee88e5806f5e83189b6e67d033aad6a

          SHA256

          fd8abbb2796ed41ddc376627bdc93278e1cc4fbe4d6f39b7d3b13ab1049e56e3

          SHA512

          a956b3c7cba0f82574dd51d7bee485bdf08ce8600e09f75c6d4f1a13d43e129979b190209bbd79d3074e261744c3c42c3f215f2e107d39b6758c1114dc6002e9