5097685ebf426e93fac45bb036008446f39f103125edcb6a6cf340ef4826026b | Triage

Sharing

General

Target

06f9f41d01a36849b59b677463fe5d80N.exe
Size

135KB
Sample

240801-1gx8ssxbqm
MD5

06f9f41d01a36849b59b677463fe5d80
SHA1

6b4f6fb6b4b46c16eaa3561607b737bb896357ea
SHA256

5097685ebf426e93fac45bb036008446f39f103125edcb6a6cf340ef4826026b
SHA512

8cba2034474c3d387ab56afcac64f38e0aa0c03daba8d76eae0112b50a3242c7f2c88ffc804c3d6a4b3f75a386b3f7c480966b9d5acd33c4096781b4716492ec
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJ5D4QWpze+eJfFpsJOfFpsJ5DqTdc6e6kvNDck7Tdc6eW:Lpe+ewDgpe+ewDqTdc6e6kvNDck7Tdcc

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  06f9f41d01a36849b59b677463fe5d80N.exe
- Size
  
  135KB
- MD5
  
  06f9f41d01a36849b59b677463fe5d80
- SHA1
  
  6b4f6fb6b4b46c16eaa3561607b737bb896357ea
- SHA256
  
  5097685ebf426e93fac45bb036008446f39f103125edcb6a6cf340ef4826026b
- SHA512
  
  8cba2034474c3d387ab56afcac64f38e0aa0c03daba8d76eae0112b50a3242c7f2c88ffc804c3d6a4b3f75a386b3f7c480966b9d5acd33c4096781b4716492ec
- SSDEEP
  
  3072:9QWpze+eJfFpsJOfFpsJ5D4QWpze+eJfFpsJOfFpsJ5DqTdc6e6kvNDck7Tdc6eW:Lpe+ewDgpe+ewDqTdc6e6kvNDck7Tdcc
Score

9^/10

discovery ransomware
- Renames multiple (3686) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware