Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250502-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/05/2025, 13:42

General

  • Target

    205b03b6ac2f31a24c60eece87eb8d2c014dad106a4c907a47d4b0927b396668.exe

  • Size

    22KB

  • MD5

    f4f81d5bdc2928fcc6d8dc35e3633377

  • SHA1

    58b1f2a5258a918498e8afc7a1f52ac6c7d3d462

  • SHA256

    205b03b6ac2f31a24c60eece87eb8d2c014dad106a4c907a47d4b0927b396668

  • SHA512

    fa58f05b5765b0d0aa540f04f2a9bf17e2f6e2c7634540b8a133e9903e4d3756cdef8db7aa72ff7e3a267ade9c42d467488d42f9e221458a9edfae27fa4a9706

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rO3IYogKO4iJfogKO4iJ7:uZ4FLz8ae+rOn8ae+rO3IYogKO4iJfow

Score
9/10

Malware Config

Signatures

  • Renames multiple (5247) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\205b03b6ac2f31a24c60eece87eb8d2c014dad106a4c907a47d4b0927b396668.exe
    "C:\Users\Admin\AppData\Local\Temp\205b03b6ac2f31a24c60eece87eb8d2c014dad106a4c907a47d4b0927b396668.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5104

Network

        MITRE ATT&CK Enterprise v16

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2930597513-779029253-718817275-1000\desktop.ini.tmp

          Filesize

          22KB

          MD5

          b6faa3800f846767320c17c2a39f4ce9

          SHA1

          d68a7db86b7011e4204bf623caca2e9ddaa6e6f4

          SHA256

          9693780982c267ae0ec47ef0b4283db6d1aa0d51316d01f74ff29e6f0022abe5

          SHA512

          a66977087816ed50185eb3259bfcf8a57168369e44c774c2db05065d3e95d86f2b317a8b9278f56f8a7628e3a49dd0cea070280686cb854475376c8f02e560d4

        • C:\6479eedf55783993fe56765264\2010_x86.log.html.tmp

          Filesize

          103KB

          MD5

          687bcda7022f0ef1559b9873ff56d0b0

          SHA1

          d385d66b158ce59cd02cb68293b005fbc568b761

          SHA256

          f107e7e6757a702911d587ee22aeb8429cb0661f70951da8ab52628d676e4b3a

          SHA512

          c10b1bf68fffd064afd81f285ad1baabaad6a0762ae9def38a23e28f873cc7863c943af8ae679409b100563e6c7210045c7106d3e85cd68e68f7dd4640af5933

        • memory/5104-799-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB