f0686f728a6135574c4d9e8655beddece65d1f3e0af61099fbef9328c09ee63c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c47a594cd8e3d1302aa032e43f9dcdb0N.exe
Size

663KB
Sample

240806-sqkp3aweme
MD5

c47a594cd8e3d1302aa032e43f9dcdb0
SHA1

17cc21adbf926a44491ee00114a5cbfa2492d242
SHA256

f0686f728a6135574c4d9e8655beddece65d1f3e0af61099fbef9328c09ee63c
SHA512

a0ea96ab2a7d2941cd6b85203cae30df9735e791f04bd6f2f4a8abe1b0126c18579686b52b378793e8be54e6e59b876586c80331fbed923f9f72aac726973e7d
SSDEEP

6144:WuCNK0N0lIvRkKUAUACI1RNEdRXCNK0N0lIvRkKUAUACI1RNEdYuCNK0N0lIvRki:L0Ng0NE0Ng0NT

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  c47a594cd8e3d1302aa032e43f9dcdb0N.exe
- Size
  
  663KB
- MD5
  
  c47a594cd8e3d1302aa032e43f9dcdb0
- SHA1
  
  17cc21adbf926a44491ee00114a5cbfa2492d242
- SHA256
  
  f0686f728a6135574c4d9e8655beddece65d1f3e0af61099fbef9328c09ee63c
- SHA512
  
  a0ea96ab2a7d2941cd6b85203cae30df9735e791f04bd6f2f4a8abe1b0126c18579686b52b378793e8be54e6e59b876586c80331fbed923f9f72aac726973e7d
- SSDEEP
  
  6144:WuCNK0N0lIvRkKUAUACI1RNEdRXCNK0N0lIvRkKUAUACI1RNEdYuCNK0N0lIvRki:L0Ng0NE0Ng0NT
Score

9^/10

discovery ransomware
- Renames multiple (2092) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware