Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/05/2025, 13:42

General

  • Target

    1fdf96be6e7ee2ba560734b4105dad34d81b53f767be21cc930658ab8ca8a32f.exe

  • Size

    18KB

  • MD5

    a466725778c38d06441264aa07d9a40b

  • SHA1

    b5d5a09a9868531289c45143aa6ab1de273c6b55

  • SHA256

    1fdf96be6e7ee2ba560734b4105dad34d81b53f767be21cc930658ab8ca8a32f

  • SHA512

    06fd2cbc7e4417a99824282580f89141e5040ddb7b71dfd00466de754b256935946898359fa8c2de4b8484f0cc973bf9e0b3ec55acea60a9ee2312c29d68ce6c

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOdzzgyt69Q6Czzgyt69Q6/tp:uZ4FLz8ae+rOn8ae+rOdzEytU5CzEytC

Score
9/10

Malware Config

Signatures

  • Renames multiple (5219) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1fdf96be6e7ee2ba560734b4105dad34d81b53f767be21cc930658ab8ca8a32f.exe
    "C:\Users\Admin\AppData\Local\Temp\1fdf96be6e7ee2ba560734b4105dad34d81b53f767be21cc930658ab8ca8a32f.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3768

Network

MITRE ATT&CK Enterprise v16

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3920234085-916416549-2700794571-1000\desktop.ini.tmp

          Filesize

          18KB

          MD5

          a827bae65a3dac6f3fdcce986261591f

          SHA1

          9d72e40329c5fe41d0d22d5f1cb20f83825ec745

          SHA256

          7055a12164e42e0e01e4733fa64bc4b2fb4b282602deaf9315a8468d0f7c904b

          SHA512

          45e816be5dcceb711372fab0122c4bb69eb299b9bcf66f2e9081f74e64d06498499f26f21b787c0de18c7ff2c06b87250e5e531d7275b6d1515e63c46715b065

        • C:\6eaadd5e1536cd09900c16de307910\2010_x86.log.html.tmp

          Filesize

          99KB

          MD5

          6e411651c76abfca352490ea9e25d7e4

          SHA1

          9fd9969849a53a7bcb79ef1f183d5272cd1fc45f

          SHA256

          13e8e4d98d0759ac1794109f161b09a2c9a1578542ee0a35a78f316d94e2c79e

          SHA512

          535235d7feb45ecde984d4024909fc19980418a75b0fbce7549127d2858bf9fb25b39727b09048a9e351d06bdd62621e523c9231ba8b70ce1daec64012a105fa

        • memory/3768-801-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB