e902d71832ba217f12b4e0c25a335bda386177e49854a9cb08eb58d4cd2e3085 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e902d71832ba217f12b4e0c25a335bda386177e49854a9cb08eb58d4cd2e3085
Size

78KB
Sample

240808-e9dh7stbng
MD5

a62df52fbdc702adb94b6f2f2caf63c6
SHA1

b4b2e5b7178258b38e0d49f865314bcd70fa4545
SHA256

e902d71832ba217f12b4e0c25a335bda386177e49854a9cb08eb58d4cd2e3085
SHA512

488fddb59760ac2794d30a1b1b28c4030f55a9ce418b51a11d10b5c1a9872402df43f1a9c7392c1a3154542a849c6a76106d2478b614805d36adea0e1b6344d9
SSDEEP

1536:W7ZhA7pApM21LOA1LOrtkpt6h7ZhA7pApM21LOA1LOrtkpt6Gjv:6e7WpMgLOiLOrtje7WpMgLOiLOrtujv

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  e902d71832ba217f12b4e0c25a335bda386177e49854a9cb08eb58d4cd2e3085
- Size
  
  78KB
- MD5
  
  a62df52fbdc702adb94b6f2f2caf63c6
- SHA1
  
  b4b2e5b7178258b38e0d49f865314bcd70fa4545
- SHA256
  
  e902d71832ba217f12b4e0c25a335bda386177e49854a9cb08eb58d4cd2e3085
- SHA512
  
  488fddb59760ac2794d30a1b1b28c4030f55a9ce418b51a11d10b5c1a9872402df43f1a9c7392c1a3154542a849c6a76106d2478b614805d36adea0e1b6344d9
- SSDEEP
  
  1536:W7ZhA7pApM21LOA1LOrtkpt6h7ZhA7pApM21LOA1LOrtkpt6Gjv:6e7WpMgLOiLOrtje7WpMgLOiLOrtujv
Score

9^/10

discovery ransomware
- Renames multiple (4061) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware