de28376f5261c4c010547b0f7ebb0cc77bc27d8737852b608aabd3b8eb2bb56b | Triage

Sharing

General

Target

029c0b1d7ff91ed2f7ff7a454dd50bb0N.exe
Size

77KB
Sample

240801-zgldkazgnb
MD5

029c0b1d7ff91ed2f7ff7a454dd50bb0
SHA1

4169c2948ef56fd02d975de5a2f17d60c203bcdc
SHA256

de28376f5261c4c010547b0f7ebb0cc77bc27d8737852b608aabd3b8eb2bb56b
SHA512

4661876471db334a7cccbe759f4228faf8a48612a1ecec1a3009a332117aa74be575945edf913c9e9778f0e05a2019230494170c265d90f0a35106a6e2536efd
SSDEEP

1536:W7ZppApBULcfpHLcfpd7ZppApBULcfpHLcfpS:6pWpBwchcRpWpBwchc4

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  029c0b1d7ff91ed2f7ff7a454dd50bb0N.exe
- Size
  
  77KB
- MD5
  
  029c0b1d7ff91ed2f7ff7a454dd50bb0
- SHA1
  
  4169c2948ef56fd02d975de5a2f17d60c203bcdc
- SHA256
  
  de28376f5261c4c010547b0f7ebb0cc77bc27d8737852b608aabd3b8eb2bb56b
- SHA512
  
  4661876471db334a7cccbe759f4228faf8a48612a1ecec1a3009a332117aa74be575945edf913c9e9778f0e05a2019230494170c265d90f0a35106a6e2536efd
- SSDEEP
  
  1536:W7ZppApBULcfpHLcfpd7ZppApBULcfpHLcfpS:6pWpBwchcRpWpBwchc4
Score

9^/10

discovery ransomware
- Renames multiple (4442) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware