b100096858bd81d4892aba2f5527f514cb7dfcec2f45f6d74dd7cb4c7a6a1938 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bceba1fff5c202f4e56f0b460d7326c0N.exe
Size

563KB
Sample

240814-ak232sxbnm
MD5

bceba1fff5c202f4e56f0b460d7326c0
SHA1

efb712e03b22dcedf593759587395480f84432cf
SHA256

b100096858bd81d4892aba2f5527f514cb7dfcec2f45f6d74dd7cb4c7a6a1938
SHA512

bf1d4d209d1adedb78be53f1bedb6bc2494bed57263c22fcaa754b87bccbaf87573b5e8949b7d88fe73c0d3d2cff91769b99518fe02c8276b6b05d0a1f8bf013
SSDEEP

3072:6e7WpGlCKP1Q5IkKkNe7WpGlCKP1Q5IkKkocX:RqAlSKkoqAlSKkocX

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  bceba1fff5c202f4e56f0b460d7326c0N.exe
- Size
  
  563KB
- MD5
  
  bceba1fff5c202f4e56f0b460d7326c0
- SHA1
  
  efb712e03b22dcedf593759587395480f84432cf
- SHA256
  
  b100096858bd81d4892aba2f5527f514cb7dfcec2f45f6d74dd7cb4c7a6a1938
- SHA512
  
  bf1d4d209d1adedb78be53f1bedb6bc2494bed57263c22fcaa754b87bccbaf87573b5e8949b7d88fe73c0d3d2cff91769b99518fe02c8276b6b05d0a1f8bf013
- SSDEEP
  
  3072:6e7WpGlCKP1Q5IkKkNe7WpGlCKP1Q5IkKkocX:RqAlSKkoqAlSKkocX
Score

9^/10

discovery ransomware
- Renames multiple (233) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware