ffd11c0a749cfada311750257d17ba85708dbebdd6cbc71f7a6b3083579ed976 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffd11c0a749cfada311750257d17ba85708dbebdd6cbc71f7a6b3083579ed976
Size

111KB
Sample

240809-e8meqazhmf
MD5

a92a44a8d870a1d0e98db26246ea845c
SHA1

8a25810e7e0536eefa895544939c16f03c6126c6
SHA256

ffd11c0a749cfada311750257d17ba85708dbebdd6cbc71f7a6b3083579ed976
SHA512

0de96088ddc73fde8c629806d827840b35ee9b73eecc8616ae92023421b9582fafd0630a8894ad9f14e7cca4386f386743738940f42701954cafd0f642bfa4fa
SSDEEP

768:/7BlpQpARFbhn54fmiy+3BVr54fmiy+3BV6nE1016Y/7BlpQpARFbhn54fmiy+3J:/7ZQpApmi6nAY/7ZQpApmi6nAYx

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  ffd11c0a749cfada311750257d17ba85708dbebdd6cbc71f7a6b3083579ed976
- Size
  
  111KB
- MD5
  
  a92a44a8d870a1d0e98db26246ea845c
- SHA1
  
  8a25810e7e0536eefa895544939c16f03c6126c6
- SHA256
  
  ffd11c0a749cfada311750257d17ba85708dbebdd6cbc71f7a6b3083579ed976
- SHA512
  
  0de96088ddc73fde8c629806d827840b35ee9b73eecc8616ae92023421b9582fafd0630a8894ad9f14e7cca4386f386743738940f42701954cafd0f642bfa4fa
- SSDEEP
  
  768:/7BlpQpARFbhn54fmiy+3BVr54fmiy+3BV6nE1016Y/7BlpQpARFbhn54fmiy+3J:/7ZQpApmi6nAY/7ZQpApmi6nAYx
Score

9^/10

discovery ransomware
- Renames multiple (6175) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware