f2b6b187999e7ca2a3fb5b32334c4f1a7c206e7c369522093e45bbaa60ddbd4b | Triage

Sharing

General

Target

764d045e370d589a73ecbd95a30003a0N.exe
Size

140KB
Sample

240807-gtga9swera
MD5

764d045e370d589a73ecbd95a30003a0
SHA1

e9424ec29cb831af20e82e6ab5b9d6b678c367e4
SHA256

f2b6b187999e7ca2a3fb5b32334c4f1a7c206e7c369522093e45bbaa60ddbd4b
SHA512

69255aeec5c0efcb2d4d6b9cd3b0f39e00830f626c31ba17887408e96a20ad2f2db2d3e45f01de27cd3e4236e901bbbc438fe2bad37c080b2fa1da8a1d4c9824
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR7kzlSFe7WpMaxeb0CYJ97lEYNR7kzlSw:RqKvb0CYJ97MqKvb0CYJ978

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  764d045e370d589a73ecbd95a30003a0N.exe
- Size
  
  140KB
- MD5
  
  764d045e370d589a73ecbd95a30003a0
- SHA1
  
  e9424ec29cb831af20e82e6ab5b9d6b678c367e4
- SHA256
  
  f2b6b187999e7ca2a3fb5b32334c4f1a7c206e7c369522093e45bbaa60ddbd4b
- SHA512
  
  69255aeec5c0efcb2d4d6b9cd3b0f39e00830f626c31ba17887408e96a20ad2f2db2d3e45f01de27cd3e4236e901bbbc438fe2bad37c080b2fa1da8a1d4c9824
- SSDEEP
  
  3072:6e7WpMaxeb0CYJ97lEYNR7kzlSFe7WpMaxeb0CYJ97lEYNR7kzlSw:RqKvb0CYJ97MqKvb0CYJ978
Score

9^/10

discovery ransomware
- Renames multiple (4174) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware