382cbcbb3f3a7e247b280112d380b1ebfbd0e8348cd8c3e2ce2645a0f6a037f2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67daedbc88ad893541136b7c393f76f0N.exe
Size

208KB
Sample

240813-vmxass1alk
MD5

67daedbc88ad893541136b7c393f76f0
SHA1

478917119bcd32a0740d3ca55ebcef4fd888f72b
SHA256

382cbcbb3f3a7e247b280112d380b1ebfbd0e8348cd8c3e2ce2645a0f6a037f2
SHA512

bae692f49bda1f756850f7b5c326c3a342dd7aeb1c6bd8a3ac788d873a26683a49de59b2456f5ae66e07ece5249dbc002994814cebb7a1cdfb1b97cdc69af460
SSDEEP

3072:6DWpwE7oL2e+efZwZ08i8z3MLDDWpwE7oL2e+efZwZ08i8z3MLZ:dN/e+efimJa3MLmN/e+efimJa3MLZ

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  67daedbc88ad893541136b7c393f76f0N.exe
- Size
  
  208KB
- MD5
  
  67daedbc88ad893541136b7c393f76f0
- SHA1
  
  478917119bcd32a0740d3ca55ebcef4fd888f72b
- SHA256
  
  382cbcbb3f3a7e247b280112d380b1ebfbd0e8348cd8c3e2ce2645a0f6a037f2
- SHA512
  
  bae692f49bda1f756850f7b5c326c3a342dd7aeb1c6bd8a3ac788d873a26683a49de59b2456f5ae66e07ece5249dbc002994814cebb7a1cdfb1b97cdc69af460
- SSDEEP
  
  3072:6DWpwE7oL2e+efZwZ08i8z3MLDDWpwE7oL2e+efZwZ08i8z3MLZ:dN/e+efimJa3MLmN/e+efimJa3MLZ
Score

9^/10

discovery ransomware
- Renames multiple (285) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware