412b10572c28c81f06ac11cfe1dec578e419f37c7e65d84a3580aad9de388051 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3a200936bf02e3329abd37a3c739bd0N.exe
Size

209KB
Sample

240813-wv15dstdll
MD5

b3a200936bf02e3329abd37a3c739bd0
SHA1

889803bc3b25200e32452faddc8705364c597cda
SHA256

412b10572c28c81f06ac11cfe1dec578e419f37c7e65d84a3580aad9de388051
SHA512

dfdaf8f49cfad01aaab39efc30181f0bef4db6f984be5db521ec23673f681d4cda809f8e5054384d10d374a33c7ebc5e1de87e8c350a52757ca57ed52c7cc33c
SSDEEP

6144:RqKvb0CYJ973e+eKZOf7fZqKvb0CYJ973e+eKZOf7fHKNKnF3KNKnFS:vvbxYX7ZEvbxYX7ZZ

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  b3a200936bf02e3329abd37a3c739bd0N.exe
- Size
  
  209KB
- MD5
  
  b3a200936bf02e3329abd37a3c739bd0
- SHA1
  
  889803bc3b25200e32452faddc8705364c597cda
- SHA256
  
  412b10572c28c81f06ac11cfe1dec578e419f37c7e65d84a3580aad9de388051
- SHA512
  
  dfdaf8f49cfad01aaab39efc30181f0bef4db6f984be5db521ec23673f681d4cda809f8e5054384d10d374a33c7ebc5e1de87e8c350a52757ca57ed52c7cc33c
- SSDEEP
  
  6144:RqKvb0CYJ973e+eKZOf7fZqKvb0CYJ973e+eKZOf7fHKNKnF3KNKnFS:vvbxYX7ZEvbxYX7ZZ
Score

9^/10

discovery ransomware
- Renames multiple (3419) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware