ff96f83670b65690810cb178926cf2a945d075bcad6a729b0279c6a3bf0bcf93 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12659737046.zip
Size

92KB
Sample

231103-2dtlwaag8z
MD5

69a8ea56f7fe9aef383bbdcd07defcd5
SHA1

53066844d332913dee4662a4a6f00b793e4818d0
SHA256

ff96f83670b65690810cb178926cf2a945d075bcad6a729b0279c6a3bf0bcf93
SHA512

45c0020f09714966f1d403c83688b6300fc165d523055b8f79c585050658bffa7ae463844a2bd31fc70ff596f49e6bbc0ed42c59bca1a230ad079ce7f3881ee8
SSDEEP

1536:+k2IJpFKllLToxbP8qt7RGBuaJ+iywdcFXDfcwsrVVnla5iwoSnkkkx0E7g:F2EpFKllLToxz8o7RKRYiLy4RPla5iwD

Score

9^/10

ransomware

Malware Config

Targets

- Target
  
  8177455ab89cc96f0c26bc42907da1a4f0b21fdc96a0cc96650843fd616551f4
- Size
  
  126KB
- MD5
  
  478dcb54e0a610a160a079656b9582de
- SHA1
  
  5ea03fa8326ed87a0c81740092c131f23bc5f651
- SHA256
  
  8177455ab89cc96f0c26bc42907da1a4f0b21fdc96a0cc96650843fd616551f4
- SHA512
  
  3b1676e12e9b185e9f5ca7dfd43702fd04cc237c21b42137204db0d91bef39e778159115b1113ad3686e45ff9b2df3e5157a3d402ccccd87a656ddbf2b6c734e
- SSDEEP
  
  1536:1lnjg5f3DXJLAsfog8Ct45QgVuS3R7YjRk8vYRUoAd2Qf:joJLAsmdi
Score

9^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (177) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (190) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  8c226e1f640b570a4a542078a7db59bb1f1a55cf143782d93514e3bd86dc07a0
- Size
  
  126KB
- MD5
  
  c7198ed957a2e21b4a3349e9d2220690
- SHA1
  
  5fc62671aef4b355d2050bf2904c7615cb0795ea
- SHA256
  
  8c226e1f640b570a4a542078a7db59bb1f1a55cf143782d93514e3bd86dc07a0
- SHA512
  
  ce59f6df393d4d644f2aeb8359265a1b0b21cf639cc3032282566223aa2ff39ac7e2e54a24aa8e3b2b9ce38b67ad234157c903438a574b5eb4391fdbd3df8639
- SSDEEP
  
  1536:hlnjg5f3DXJLAsfog8Ct4MRPrUuiEu/Fn9VfRk8vYRUoAd2r:HoJLAsmAkV2
Score

9^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (165) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (220) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4
- Target
  
  c3c0cf25d682e981c7ce1cc0a00fa2b8b46cce2fa49abe38bb412da21da99cb7
- Size
  
  74KB
- MD5
  
  26ff72b0b85e764400724e442c164046
- SHA1
  
  c789942d013d8b45b6988ecc6491f5f1a1746311
- SHA256
  
  c3c0cf25d682e981c7ce1cc0a00fa2b8b46cce2fa49abe38bb412da21da99cb7
- SHA512
  
  fe9fdef93dfc44078cbbedd8d77c150932752be48b5f55eb0477c87bdcc8f4257fbaddf57b7d4a24c975f994d1940862bcd9444dc4b533561a10d27fac6058fe
- SSDEEP
  
  768:0t8hQglndwS3Hx7vitd2rJDG/Y+mOgqMTKsPgMcojdECvGM0DnAQuKIxSwouP1qp:lQgVuS3R7YjRk8vYRUoAd2Qf
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6