ffa6152af808c7babf80fb4c05ac01ec8a2cd3c3dfd6548c84e53c6e3ad2e342 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffa6152af808c7babf80fb4c05ac01ec8a2cd3c3dfd6548c84e53c6e3ad2e342
Size

85KB
Sample

240812-fdjwsazgpc
MD5

667c277b578a4569b153aa784273b2e3
SHA1

72143240af4650c6fe0ce654e126969f962179d5
SHA256

ffa6152af808c7babf80fb4c05ac01ec8a2cd3c3dfd6548c84e53c6e3ad2e342
SHA512

8341a40263ffeea872203ffc63568fe2a86f0e43e5be824d9f5031c053b8d9f6080d383fa4fafe98cbef86882c46dab89d37cb2d544b5b044343e9ea5d36fcc3
SSDEEP

1536:W7ZppApBULcfpHLcfpyDUdyGdy/7ZppApBULcfpHLcfpyDUdyGdybEB:6pWpBwchcwDXpWpBwchcwDk

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  ffa6152af808c7babf80fb4c05ac01ec8a2cd3c3dfd6548c84e53c6e3ad2e342
- Size
  
  85KB
- MD5
  
  667c277b578a4569b153aa784273b2e3
- SHA1
  
  72143240af4650c6fe0ce654e126969f962179d5
- SHA256
  
  ffa6152af808c7babf80fb4c05ac01ec8a2cd3c3dfd6548c84e53c6e3ad2e342
- SHA512
  
  8341a40263ffeea872203ffc63568fe2a86f0e43e5be824d9f5031c053b8d9f6080d383fa4fafe98cbef86882c46dab89d37cb2d544b5b044343e9ea5d36fcc3
- SSDEEP
  
  1536:W7ZppApBULcfpHLcfpyDUdyGdy/7ZppApBULcfpHLcfpyDUdyGdybEB:6pWpBwchcwDXpWpBwchcwDk
Score

9^/10

discovery ransomware
- Renames multiple (1341) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware