General

  • Target

    a7a1fee8ba4bf51c63e95b077e5e05c0e4cc069b013efdf46a7fe6563b279e24

  • Size

    270KB

  • Sample

    240614-csf7nawakl

  • MD5

    0dba3ba8cc86b33207f6c51a198c7f7b

  • SHA1

    309b42d9ef6a0249c28c654050a84d0e8f56680b

  • SHA256

    a7a1fee8ba4bf51c63e95b077e5e05c0e4cc069b013efdf46a7fe6563b279e24

  • SHA512

    d3ac6b0a380383d1fba0fa56a8e21a27a5f3730ce2fd8fe963f9b8b274e03b985e4b0969f51375be5aba4f7d3b9e04c7fe6fafdd9ab817e53599e8371c6ed7f2

  • SSDEEP

    6144:wHm3AIuZAIuDMVtM/zHm3AIuZAIuDMVtM/f:XAIuZAIuOlAIuZAIuO4

Score
10/10

Malware Config

Targets

    Score
    9/10
    • Renames multiple (520) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks