General

  • Target

    c2fa417061458e4495ac8518e43bbb2ea1a968b21deefb9078c6fbe975ca13bd

  • Size

    115KB

  • Sample

    240617-cdyhdsygpf

  • MD5

    a5b1ae66c748b2178b4014d5a4572416

  • SHA1

    314a9fc1daeb2b817356d5bfb68e26642645ebbf

  • SHA256

    c2fa417061458e4495ac8518e43bbb2ea1a968b21deefb9078c6fbe975ca13bd

  • SHA512

    33a482697229fd1750579098fe74a86ce06a23493dd946830d7addf168937c66eb5744410e9f56fa5a83de2f5dd5f1608500fafd824f9d1173e194718d4d3831

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsJOLKc/ITWn1++PJHJXA/OsIZfzc3/Q8asUZ:KQSohsUsUKPQSohsUsUK6

Score
10/10

Targets

    • Target

      c2fa417061458e4495ac8518e43bbb2ea1a968b21deefb9078c6fbe975ca13bd

    Score
    9/10
    • Renames multiple (4841) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
