3532bb286b0820e08c6c5b62bd657bd6e5ab6aa4feff8d3af0d78a3fa09ad89f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3532bb286b0820e08c6c5b62bd657bd6e5ab6aa4feff8d3af0d78a3fa09ad89f
Size

91KB
Sample

240808-yx7fassfnc
MD5

b6cd5b463c76ec9fcaae61b9ee3408cf
SHA1

4dc415c3b90d9e65f5112d2db79786e4e8917d3c
SHA256

3532bb286b0820e08c6c5b62bd657bd6e5ab6aa4feff8d3af0d78a3fa09ad89f
SHA512

1dc9fff5072d0ad164edcc40e664224a98142e3739db6e27a22fdefef4e0fdb783b31e934e40f66a074cac097e09af2544bdd8e10c3b488bc2762e7381b458a5
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyfxAkJhxAkJ/1Pu7BlpppARFbhHFoqAJwBQ:W7ZppApyVyjVyy7ZppApyVyjVy/

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  3532bb286b0820e08c6c5b62bd657bd6e5ab6aa4feff8d3af0d78a3fa09ad89f
- Size
  
  91KB
- MD5
  
  b6cd5b463c76ec9fcaae61b9ee3408cf
- SHA1
  
  4dc415c3b90d9e65f5112d2db79786e4e8917d3c
- SHA256
  
  3532bb286b0820e08c6c5b62bd657bd6e5ab6aa4feff8d3af0d78a3fa09ad89f
- SHA512
  
  1dc9fff5072d0ad164edcc40e664224a98142e3739db6e27a22fdefef4e0fdb783b31e934e40f66a074cac097e09af2544bdd8e10c3b488bc2762e7381b458a5
- SSDEEP
  
  768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyfxAkJhxAkJ/1Pu7BlpppARFbhHFoqAJwBQ:W7ZppApyVyjVyy7ZppApyVyjVy/
Score

9^/10

discovery ransomware
- Renames multiple (4867) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware