d20547d3aa974c36e965ae0b1a7b96b9f231aedc4473dd7ac39db6d50ce01069 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f88d9628b603810cc1b45cea24642c0N.exe
Size

132KB
Sample

240728-agq7dazbmh
MD5

1f88d9628b603810cc1b45cea24642c0
SHA1

5fbddfaa7a8b70e2543b7e9743f1a7349af91748
SHA256

d20547d3aa974c36e965ae0b1a7b96b9f231aedc4473dd7ac39db6d50ce01069
SHA512

5f7bcca5c96b5d95d3c62b99e74828836eb55e2301e1f5f47e02305d0cb9f0f44f9107f1e568c30ddccb53ed76652f9f76b324d6230b4fce3a1b2eb93c10c1f8
SSDEEP

1536:W7ZppApBULcfpHLcfpX2/Nw/NwmxbYJ7ZppApBULcfpHLcfpX2/Nw/NwmxbYU:6pWpBwchcV2WxkpWpBwchcV2WxT

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  1f88d9628b603810cc1b45cea24642c0N.exe
- Size
  
  132KB
- MD5
  
  1f88d9628b603810cc1b45cea24642c0
- SHA1
  
  5fbddfaa7a8b70e2543b7e9743f1a7349af91748
- SHA256
  
  d20547d3aa974c36e965ae0b1a7b96b9f231aedc4473dd7ac39db6d50ce01069
- SHA512
  
  5f7bcca5c96b5d95d3c62b99e74828836eb55e2301e1f5f47e02305d0cb9f0f44f9107f1e568c30ddccb53ed76652f9f76b324d6230b4fce3a1b2eb93c10c1f8
- SSDEEP
  
  1536:W7ZppApBULcfpHLcfpX2/Nw/NwmxbYJ7ZppApBULcfpHLcfpX2/Nw/NwmxbYU:6pWpBwchcV2WxkpWpBwchcV2WxT
Score

9^/10

discovery ransomware
- Renames multiple (249) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware