56621bf934bddb03d2a408af775b88267ee63ae70e5e64a296c53de6bf59a5c9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

626ecf8752105c60fdeb1d49cdd672f0N.exe
Size

185KB
Sample

240814-qt1vcavdma
MD5

626ecf8752105c60fdeb1d49cdd672f0
SHA1

f67140b7c509829b4dd88bff9e3c62c581a09f8d
SHA256

56621bf934bddb03d2a408af775b88267ee63ae70e5e64a296c53de6bf59a5c9
SHA512

b2a8e87de8010f481f01d65b8414d0d4e22f2ba0e4024ef3b63e1e4ab646a0fcc7a54f27881ce248b594c3dacfbaca6fd470eda2a16567a9fb7711114ca236cc
SSDEEP

3072:62ssWpGgrM+t58qKcAK+j4n7ByeFUb2ssWpGgrM+t58qKcAK+j4n7ByeFU/:MVwgrM0MeFUvVwgrM0MeFU/

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  626ecf8752105c60fdeb1d49cdd672f0N.exe
- Size
  
  185KB
- MD5
  
  626ecf8752105c60fdeb1d49cdd672f0
- SHA1
  
  f67140b7c509829b4dd88bff9e3c62c581a09f8d
- SHA256
  
  56621bf934bddb03d2a408af775b88267ee63ae70e5e64a296c53de6bf59a5c9
- SHA512
  
  b2a8e87de8010f481f01d65b8414d0d4e22f2ba0e4024ef3b63e1e4ab646a0fcc7a54f27881ce248b594c3dacfbaca6fd470eda2a16567a9fb7711114ca236cc
- SSDEEP
  
  3072:62ssWpGgrM+t58qKcAK+j4n7ByeFUb2ssWpGgrM+t58qKcAK+j4n7ByeFU/:MVwgrM0MeFUvVwgrM0MeFU/
Score

9^/10

discovery ransomware
- Renames multiple (3002) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware