675adbe91b724627326f3a85f9f0b7b37c9f999da8ab6a736295070677eaa9ad | Triage

Sharing

General

Target

675adbe91b724627326f3a85f9f0b7b37c9f999da8ab6a736295070677eaa9ad
Size

208KB
Sample

240806-2mejbawhne
MD5

f7b552d4c657b8899ec0bf7ff3678857
SHA1

e0150d86c9dccf17db95ed67e58c2d60745d812a
SHA256

675adbe91b724627326f3a85f9f0b7b37c9f999da8ab6a736295070677eaa9ad
SHA512

85946b0db1dbf77ec42ffd58fbe9e3e0799f801779d123a2be5f3a5e328bd55564d33d23b9721928ed950ca9a120393e051fd13d7fd5b96dbde0b46b4a51d8c4
SSDEEP

6144:RqKvb0CYJ973e+eKZ0VfqKvb0CYJ973e+eKZ0VvvW:vvbxYX7Z0VxvbxYX7Z0VvvW

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  675adbe91b724627326f3a85f9f0b7b37c9f999da8ab6a736295070677eaa9ad
- Size
  
  208KB
- MD5
  
  f7b552d4c657b8899ec0bf7ff3678857
- SHA1
  
  e0150d86c9dccf17db95ed67e58c2d60745d812a
- SHA256
  
  675adbe91b724627326f3a85f9f0b7b37c9f999da8ab6a736295070677eaa9ad
- SHA512
  
  85946b0db1dbf77ec42ffd58fbe9e3e0799f801779d123a2be5f3a5e328bd55564d33d23b9721928ed950ca9a120393e051fd13d7fd5b96dbde0b46b4a51d8c4
- SSDEEP
  
  6144:RqKvb0CYJ973e+eKZ0VfqKvb0CYJ973e+eKZ0VvvW:vvbxYX7Z0VxvbxYX7Z0VvvW
Score

9^/10

discovery ransomware
- Renames multiple (3546) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware