Analysis Overview
SHA256
70babc681d859a4da2bc63449522dd30dbbefd3374e82334e70c0c240cca696b
Threat Level: Likely malicious
The file 70babc681d859a4da2bc63449522dd30dbbefd3374e82334e70c0c240cca696b was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (5280) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-19 13:42
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-19 13:42
Reported
2025-05-19 13:45
Platform
win10v2004-20250502-en
Max time kernel
150s
Max time network
140s
Command Line
Signatures
Renames multiple (5280) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\70babc681d859a4da2bc63449522dd30dbbefd3374e82334e70c0c240cca696b.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\70babc681d859a4da2bc63449522dd30dbbefd3374e82334e70c0c240cca696b.exe
"C:\Users\Admin\AppData\Local\Temp\70babc681d859a4da2bc63449522dd30dbbefd3374e82334e70c0c240cca696b.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| DE | 88.221.197.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.16.227:80 | c.pki.goog | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-3951986358-4006919840-1009690842-1000\desktop.ini.tmp
| Algorithm | Hash |
| --- | --- |
| MD5 | 5a0acc72cb29b0310da27dacdee676b3 |
| SHA1 | 1db56fac5d634ac696d0c5d60fa7685a0d8045ce |
| SHA256 | b753b2583eac0e904617b95aef8fccf4fcd0c059d2d18b990da22c1a2c3aecea |
| SHA512 | 1ab145f8d9814b7796a7567030f1fcf4899b0b1faf76f57d50e8aed15ab9833b3541221839dc73db6b97a38401a0c0f5b054a1d4d54a5c2950b1e10c68347583 |
C:\e871de07eca81c0a47\2010_x86.log.html.tmp
| Algorithm | Hash |
| --- | --- |
| MD5 | 753b94d6c69d039b2ba107f176803c87 |
| SHA1 | 1745ffba81e32c3bfe37e7089d1a36274d8b96eb |
| SHA256 | 26d88a09a693ac0c135873b832c8949b1d7febffd7bb62549f0aea6e7a2ab9ba |
| SHA512 | 9c8110871491f5f2d49a3ae54adcfbe9faa41b08a997e7ad30c421aac2474b2ccd700f087d5d407ec8e3274d7429223e9e234965a522c8286d17071412955f66 |
memory/5396-795-0x0000000000400000-0x0000000000407000-memory.dmp