c7918aa22cd1456b28d6d6d5de6573266a4944fe3122162d859ea2906e27713e | Triage

Sharing

General

Target

c7918aa22cd1456b28d6d6d5de6573266a4944fe3122162d859ea2906e27713e
Size

111KB
Sample

240802-fgmf3swhqr
MD5

a99a62dc20926959c1c74477a762c52c
SHA1

e462f07dfb445740b270de58d9c68e92b219e43f
SHA256

c7918aa22cd1456b28d6d6d5de6573266a4944fe3122162d859ea2906e27713e
SHA512

66eae14e196fce239f1e9f93a25300bdf73ffa82d9f23e32d592a0e273d1185713977e5768b0689e46dd7be1a13a279b77946d0a823c16bd5f979642c2aa5581
SSDEEP

1536:W7ZppApBULcfpHLcfpX2/Nw/Nwmxq7ZppApBULcfpHLcfpX2/Nw/Nwmxl:6pWpBwchcV2WxupWpBwchcV2Wxl

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  c7918aa22cd1456b28d6d6d5de6573266a4944fe3122162d859ea2906e27713e
- Size
  
  111KB
- MD5
  
  a99a62dc20926959c1c74477a762c52c
- SHA1
  
  e462f07dfb445740b270de58d9c68e92b219e43f
- SHA256
  
  c7918aa22cd1456b28d6d6d5de6573266a4944fe3122162d859ea2906e27713e
- SHA512
  
  66eae14e196fce239f1e9f93a25300bdf73ffa82d9f23e32d592a0e273d1185713977e5768b0689e46dd7be1a13a279b77946d0a823c16bd5f979642c2aa5581
- SSDEEP
  
  1536:W7ZppApBULcfpHLcfpX2/Nw/Nwmxq7ZppApBULcfpHLcfpX2/Nw/Nwmxl:6pWpBwchcV2WxupWpBwchcV2Wxl
Score

9^/10

discovery ransomware
- Renames multiple (4300) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware