d08ec3373f1e1c2e4efd00ec4a5dd50ac8591668ee3b4f8f0a380f2b3d407849 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ecfef8ffca241bbb8ad14b029b87100N.exe
Size

207KB
Sample

240805-1lt2yatalf
MD5

0ecfef8ffca241bbb8ad14b029b87100
SHA1

46329264eeda671be8189814075fdab713908a67
SHA256

d08ec3373f1e1c2e4efd00ec4a5dd50ac8591668ee3b4f8f0a380f2b3d407849
SHA512

9eb5a4a7c3f92cbcaaf6f3ba5e723e23ecb3cb358b93412757c9d280d4fbc4e3ffef33a42abcd46b41f621d513f3cc6f980468f90ae4355898143451477dd026
SSDEEP

6144:RqKvb0CYJ973e+eKZ0VQqKvb0CYJ973e+eKZ0Vy:vvbxYX7Z0V8vbxYX7Z0Vy

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  0ecfef8ffca241bbb8ad14b029b87100N.exe
- Size
  
  207KB
- MD5
  
  0ecfef8ffca241bbb8ad14b029b87100
- SHA1
  
  46329264eeda671be8189814075fdab713908a67
- SHA256
  
  d08ec3373f1e1c2e4efd00ec4a5dd50ac8591668ee3b4f8f0a380f2b3d407849
- SHA512
  
  9eb5a4a7c3f92cbcaaf6f3ba5e723e23ecb3cb358b93412757c9d280d4fbc4e3ffef33a42abcd46b41f621d513f3cc6f980468f90ae4355898143451477dd026
- SSDEEP
  
  6144:RqKvb0CYJ973e+eKZ0VQqKvb0CYJ973e+eKZ0Vy:vvbxYX7Z0V8vbxYX7Z0Vy
Score

9^/10

discovery ransomware
- Renames multiple (2929) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware