2c58fb775e967bd56b85f0bf2dc534e6557e09108b7b15326d187cd0756ea736 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c58fb775e967bd56b85f0bf2dc534e6557e09108b7b15326d187cd0756ea736
Size

148KB
Sample

240725-ynapzavbja
MD5

737d202ae16b5bb0aa12d080167bc5f1
SHA1

02b26a39bb946353e8d0faa00e42d937e67e7b65
SHA256

2c58fb775e967bd56b85f0bf2dc534e6557e09108b7b15326d187cd0756ea736
SHA512

027c9c66d12710358a1ae4bdde168c20b538fac5709ed1b2f21a6408da11f014eeeda6b7a41ae0531e3329d941ddf3b084a7122f3781f9a5cd4157f2be74ea24
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eBSne7WpMaxeb0CYJ97lEYNR73e+eBSW:RqKvb0CYJ973e+eBSeqKvb0CYJ973e+i

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  2c58fb775e967bd56b85f0bf2dc534e6557e09108b7b15326d187cd0756ea736
- Size
  
  148KB
- MD5
  
  737d202ae16b5bb0aa12d080167bc5f1
- SHA1
  
  02b26a39bb946353e8d0faa00e42d937e67e7b65
- SHA256
  
  2c58fb775e967bd56b85f0bf2dc534e6557e09108b7b15326d187cd0756ea736
- SHA512
  
  027c9c66d12710358a1ae4bdde168c20b538fac5709ed1b2f21a6408da11f014eeeda6b7a41ae0531e3329d941ddf3b084a7122f3781f9a5cd4157f2be74ea24
- SSDEEP
  
  3072:6e7WpMaxeb0CYJ97lEYNR73e+eBSne7WpMaxeb0CYJ97lEYNR73e+eBSW:RqKvb0CYJ973e+eBSeqKvb0CYJ973e+i
Score

9^/10

discovery ransomware
- Renames multiple (4554) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware