9f4211e5da4846e53894bbe031d2f4613efd96ef18537f8c9746a9073c02056b | Triage

Sharing

General

Target

ccf09cab8308abd6a618e55d625858c0N.exe
Size

205KB
Sample

240725-n1mvysxclr
MD5

ccf09cab8308abd6a618e55d625858c0
SHA1

62a0d994318fadf68f79bee199ea0b6bc5f2076a
SHA256

9f4211e5da4846e53894bbe031d2f4613efd96ef18537f8c9746a9073c02056b
SHA512

90d88e184f7aad6fedb7384497c909abdcaaf113eba3ad3d8f32d25db6f9a7798751fd24e59e6779096f33663244ee123018c1d968eaf537ca3d621e9860d097
SSDEEP

6144:RqKvb0CYJ973e+eKZOf7fyqKvb0CYJ973e+eKZOf7fw:vvbxYX7ZpvbxYX7ZD

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  ccf09cab8308abd6a618e55d625858c0N.exe
- Size
  
  205KB
- MD5
  
  ccf09cab8308abd6a618e55d625858c0
- SHA1
  
  62a0d994318fadf68f79bee199ea0b6bc5f2076a
- SHA256
  
  9f4211e5da4846e53894bbe031d2f4613efd96ef18537f8c9746a9073c02056b
- SHA512
  
  90d88e184f7aad6fedb7384497c909abdcaaf113eba3ad3d8f32d25db6f9a7798751fd24e59e6779096f33663244ee123018c1d968eaf537ca3d621e9860d097
- SSDEEP
  
  6144:RqKvb0CYJ973e+eKZOf7fyqKvb0CYJ973e+eKZOf7fw:vvbxYX7ZpvbxYX7ZD
Score

9^/10

discovery ransomware
- Renames multiple (4686) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware