General

  • Target

    56938d0e9b63c894a7743e220d4c6f12fca1c3cce36a99f9b60c38bfa70842b9

  • Size

    709KB

  • Sample

    240610-17v65atckk

  • MD5

    8ff7e1cd9b64feee0fdc9223ba0ce7d2

  • SHA1

    3900af2ddb86a08a25791ed600784692b718ae1c

  • SHA256

    56938d0e9b63c894a7743e220d4c6f12fca1c3cce36a99f9b60c38bfa70842b9

  • SHA512

    65ea09fd2a42d4a25e33d35fcca99e7b56eb5028d24c9406e16fd836685f0e862dc893ec4329feb215854dd704fa82e8b1357d36a2b62d75400db1bda4d7a61d

  • SSDEEP

    12288:VQtyZGtKgZGtK/CAIuZAIuMQtyZGtKgZGtK/CAIuZAIuyg4QtyZGtKgZGtK/CAIz:VItNItTg4ItNItTg8

Score
10/10

Targets

    • Target

      56938d0e9b63c894a7743e220d4c6f12fca1c3cce36a99f9b60c38bfa70842b9

    • Size

      709KB

    • MD5

      8ff7e1cd9b64feee0fdc9223ba0ce7d2

    • SHA1

      3900af2ddb86a08a25791ed600784692b718ae1c

    • SHA256

      56938d0e9b63c894a7743e220d4c6f12fca1c3cce36a99f9b60c38bfa70842b9

    • SHA512

      65ea09fd2a42d4a25e33d35fcca99e7b56eb5028d24c9406e16fd836685f0e862dc893ec4329feb215854dd704fa82e8b1357d36a2b62d75400db1bda4d7a61d

    • SSDEEP

      12288:VQtyZGtKgZGtK/CAIuZAIuMQtyZGtKgZGtK/CAIuZAIuyg4QtyZGtKgZGtK/CAIz:VItNItTg4ItNItTg8

    Score
    9/10
    • Renames multiple (2734) files with added filename extension

      Bulk renames that append a new extension to existing files are consistent with ransomware encrypting the files on the system and marking each one as processed.

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Drops file in System32 directory
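Two of the signatures above can be reproduced with a few lines of triage code: the mass-rename heuristic (many renames of the form `old -> old + ".ext"`) and the UPX check based on PE section names. The block below is an added example, not the sandbox's own rules; the rename events and the minimal PE images it works on are constructed inline for illustration, and the threshold of 50 renames is an arbitrary assumption.

```python
"""Triage helpers modelled on two sandbox signatures (added example, constructed data)."""
import struct
from collections import Counter

# Constructed rename events (old_path, new_path); not taken from the report.
RENAME_EVENTS = [
    (f"C:\\Users\\u\\Documents\\file{i}.docx",
     f"C:\\Users\\u\\Documents\\file{i}.docx.locked")
    for i in range(60)
]
RENAME_EVENTS += [
    ("C:\\temp\\a.tmp", "C:\\temp\\a.txt"),   # extension replaced, not appended
    ("C:\\temp\\b", "C:\\temp\\b.bak"),       # single appended extension, benign volume
]


def appended_extension(old, new):
    """Return the extension appended by a rename (e.g. ".locked"), or None if the
    rename is not exactly old -> old + ".ext" (moves and extension swaps return None)."""
    if not new.startswith(old) or len(new) <= len(old):
        return None
    suffix = new[len(old):]
    if suffix[0] != "." or "." in suffix[1:] or any(c in suffix for c in "\\/"):
        return None
    return suffix


def detect_mass_rename(events, threshold=50):
    """Count renames per appended extension and return {ext: count} for every
    extension at or above the threshold (threshold value is an assumption)."""
    counts = Counter()
    for old, new in events:
        ext = appended_extension(old, new)
        if ext is not None:
            counts[ext] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data):
    """Walk the PE/COFF section table and return the raw section names."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # 20-byte COFF file header
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                          # section table follows the optional header
    return [data[table + 40 * i: table + 40 * i + 8].rstrip(b"\0")
            for i in range(num_sections)]


def looks_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1 (and UPX2 for resources)."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names):
    """Construct a minimal, non-runnable PE image carrying the given section names.
    Only the fields read by pe_section_names() are populated; test data only."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0                                     # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    print("mass rename:", detect_mass_rename(RENAME_EVENTS))
    print("UPX sections:", looks_upx_packed(build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])))
```

The section-name check is a weak signal on its own: a modified UPX build can rename its sections, which is why the sandbox also records the dump taken at the original entry point. The rename heuristic is the stronger of the two here, and a count of 2734 appended-extension renames is far beyond anything a benign installer produces.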
