767518eb2949b8b2e67cf9346b953bb9cb103a238e6e14e10e4a98d5d8926274 | Triage

Sharing

General

Target

18298da0280e3792fa7bbb02403fd470N.exe
Size

172KB
Sample

240805-2fntea1aln
MD5

18298da0280e3792fa7bbb02403fd470
SHA1

b73f2b919d85c19093f5fb70102bd31080995051
SHA256

767518eb2949b8b2e67cf9346b953bb9cb103a238e6e14e10e4a98d5d8926274
SHA512

a85253f01594483f1bc6677bd6866e71f78db4318c25ad9847c044844adbe3345ed42d3be6655944a0f4f24d863b918bfb30fdcd0d8a61feed3277827ea7b805
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBL:PqFF2Ie+eFYDUqFF2Ie+eFYDJ

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  18298da0280e3792fa7bbb02403fd470N.exe
- Size
  
  172KB
- MD5
  
  18298da0280e3792fa7bbb02403fd470
- SHA1
  
  b73f2b919d85c19093f5fb70102bd31080995051
- SHA256
  
  767518eb2949b8b2e67cf9346b953bb9cb103a238e6e14e10e4a98d5d8926274
- SHA512
  
  a85253f01594483f1bc6677bd6866e71f78db4318c25ad9847c044844adbe3345ed42d3be6655944a0f4f24d863b918bfb30fdcd0d8a61feed3277827ea7b805
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBL:PqFF2Ie+eFYDUqFF2Ie+eFYDJ
Score

9^/10

discovery ransomware
- Renames multiple (3589) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware