5f9008269f22e1f47a25445391586cf1cf0eb41c01558767654ecc0cfd6277f9 | Triage

Sharing

General

Target

5f9008269f22e1f47a25445391586cf1cf0eb41c01558767654ecc0cfd6277f9
Size

188KB
Sample

240810-1zl89avbqg
MD5

acae61847985b4326fcdf2b580a86804
SHA1

892539fdaa6c5422787053301e0c66cfe6e0e168
SHA256

5f9008269f22e1f47a25445391586cf1cf0eb41c01558767654ecc0cfd6277f9
SHA512

92e9d4fc2ee159db40c329223eeb1890f6693ea2ef974f69c8f2a631530e47fd0804e13664f6a1034eadcc32d33758fc29abf38787b37779e6668b81c87312ef
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB7:PqFF2Ie+efsLQqFF2Ie+efsLl

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  5f9008269f22e1f47a25445391586cf1cf0eb41c01558767654ecc0cfd6277f9
- Size
  
  188KB
- MD5
  
  acae61847985b4326fcdf2b580a86804
- SHA1
  
  892539fdaa6c5422787053301e0c66cfe6e0e168
- SHA256
  
  5f9008269f22e1f47a25445391586cf1cf0eb41c01558767654ecc0cfd6277f9
- SHA512
  
  92e9d4fc2ee159db40c329223eeb1890f6693ea2ef974f69c8f2a631530e47fd0804e13664f6a1034eadcc32d33758fc29abf38787b37779e6668b81c87312ef
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB7:PqFF2Ie+efsLQqFF2Ie+efsLl
Score

9^/10

discovery ransomware
- Renames multiple (4462) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware