bc335862b2bedd5d6e508140861bec0367848f29ca4acea8f98dc1b0eed4e6ef | Triage

Sharing

General

Target

bc335862b2bedd5d6e508140861bec0367848f29ca4acea8f98dc1b0eed4e6ef
Size

138KB
Sample

240810-cdwzka1aql
MD5

c09a43285ed1db4a112c5c9c1205b1e9
SHA1

26caefd1ed93f0d8426ca320517e51da7a15018f
SHA256

bc335862b2bedd5d6e508140861bec0367848f29ca4acea8f98dc1b0eed4e6ef
SHA512

352c5215fedd0aae6896b5ea9edff34c5341d1254983f0b8ff5b71b043dd3303dd48a82f81974c1c9337c93531efe61e7bf24996436685cc92d0d49fbf590eb2
SSDEEP

3072:62ssWpcU7lK1lKgk7i/D5zf6ydyf+abMkF24kzK3jbrCkoRWNkzi/D5zf6ydyf++:MVyU7lK1lKPVyU7lK1lKs

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  bc335862b2bedd5d6e508140861bec0367848f29ca4acea8f98dc1b0eed4e6ef
- Size
  
  138KB
- MD5
  
  c09a43285ed1db4a112c5c9c1205b1e9
- SHA1
  
  26caefd1ed93f0d8426ca320517e51da7a15018f
- SHA256
  
  bc335862b2bedd5d6e508140861bec0367848f29ca4acea8f98dc1b0eed4e6ef
- SHA512
  
  352c5215fedd0aae6896b5ea9edff34c5341d1254983f0b8ff5b71b043dd3303dd48a82f81974c1c9337c93531efe61e7bf24996436685cc92d0d49fbf590eb2
- SSDEEP
  
  3072:62ssWpcU7lK1lKgk7i/D5zf6ydyf+abMkF24kzK3jbrCkoRWNkzi/D5zf6ydyf++:MVyU7lK1lKPVyU7lK1lKs
Score

9^/10

discovery ransomware
- Renames multiple (4376) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware