90ae7bf26c9cd9deab45aec81cecc074c6ba15978217f353c7f1d68b868d63cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

891aca0006f2d681280e0d1f44720680N.exe
Size

196KB
Sample

240802-lp3e6avapm
MD5

891aca0006f2d681280e0d1f44720680
SHA1

4937a67b8cb1fdf2f1058acb22cb90b2d4820c59
SHA256

90ae7bf26c9cd9deab45aec81cecc074c6ba15978217f353c7f1d68b868d63cf
SHA512

46bbe2b675f4035d1ac5da82183d187e99bf2fb5340afb46a793d563e1596cabccf62df539878736bf49dd21e90ab523da6666e6753b676b6dda27096462701e
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBM:PqFF2Ie+effyvqFF2Ie+effyX

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  891aca0006f2d681280e0d1f44720680N.exe
- Size
  
  196KB
- MD5
  
  891aca0006f2d681280e0d1f44720680
- SHA1
  
  4937a67b8cb1fdf2f1058acb22cb90b2d4820c59
- SHA256
  
  90ae7bf26c9cd9deab45aec81cecc074c6ba15978217f353c7f1d68b868d63cf
- SHA512
  
  46bbe2b675f4035d1ac5da82183d187e99bf2fb5340afb46a793d563e1596cabccf62df539878736bf49dd21e90ab523da6666e6753b676b6dda27096462701e
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBM:PqFF2Ie+effyvqFF2Ie+effyX
Score

9^/10

discovery ransomware
- Renames multiple (3472) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware