b8ddddf65637ba42c61cddfe1039d7e799f0b12fd17ffa8553d2fd75636c0036 | Triage

Sharing

General

Target

5aaef52b4e6e1a68a4f3927c0b140960N.exe
Size

101KB
Sample

240724-hdhd3awbpb
MD5

5aaef52b4e6e1a68a4f3927c0b140960
SHA1

f6470c419487d469c17441eb010c7c78b1a9aebb
SHA256

b8ddddf65637ba42c61cddfe1039d7e799f0b12fd17ffa8553d2fd75636c0036
SHA512

52251557f1f9f01d22b4ee862447e27301d28a2ced58095cef08cd98e15836dbfd8981e83a882a9728381267df84d3ef85187036fe1cf212af973e3d4e5508cc
SSDEEP

768:/7BlpQpARFbhtF1XxXEhk8ssACJfxRLsACJfxR9a07BlpQpARFbhtF1XxXEhk8sl:/7ZQpAp9XxXEhJwZ7ZQpAp9XxXEhJwJ

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  5aaef52b4e6e1a68a4f3927c0b140960N.exe
- Size
  
  101KB
- MD5
  
  5aaef52b4e6e1a68a4f3927c0b140960
- SHA1
  
  f6470c419487d469c17441eb010c7c78b1a9aebb
- SHA256
  
  b8ddddf65637ba42c61cddfe1039d7e799f0b12fd17ffa8553d2fd75636c0036
- SHA512
  
  52251557f1f9f01d22b4ee862447e27301d28a2ced58095cef08cd98e15836dbfd8981e83a882a9728381267df84d3ef85187036fe1cf212af973e3d4e5508cc
- SSDEEP
  
  768:/7BlpQpARFbhtF1XxXEhk8ssACJfxRLsACJfxR9a07BlpQpARFbhtF1XxXEhk8sl:/7ZQpAp9XxXEhJwZ7ZQpAp9XxXEhJwJ
Score

9^/10

discovery ransomware
- Renames multiple (3745) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware