469286554ea06d76d5a00d51ac4e66bd690f79100348501e8e97e8c6e0a18134 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

348245cae5acf4448fdd6798899c4140N.exe
Size

394KB
Sample

240817-b2gn4stamn
MD5

348245cae5acf4448fdd6798899c4140
SHA1

8b8177cf028f6c344fc2ea40e2761fb801511d3b
SHA256

469286554ea06d76d5a00d51ac4e66bd690f79100348501e8e97e8c6e0a18134
SHA512

9f007f20bae28b3e144b83237e6d0fa405f4321a36af845f3c8720f3da1cf9e43d3e116cfbf8fc6ded5080b6eb8e5cc8b03f3b8003d9794727fffde51156ad45
SSDEEP

6144:nHXfJT/4DO/B52pRr3zmiTVVmVVV8VVNVVVcVVVxVVVPVVlVVVRVVVtVVWV60jVz:3fJj4DO/B52nZPV

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  348245cae5acf4448fdd6798899c4140N.exe
- Size
  
  394KB
- MD5
  
  348245cae5acf4448fdd6798899c4140
- SHA1
  
  8b8177cf028f6c344fc2ea40e2761fb801511d3b
- SHA256
  
  469286554ea06d76d5a00d51ac4e66bd690f79100348501e8e97e8c6e0a18134
- SHA512
  
  9f007f20bae28b3e144b83237e6d0fa405f4321a36af845f3c8720f3da1cf9e43d3e116cfbf8fc6ded5080b6eb8e5cc8b03f3b8003d9794727fffde51156ad45
- SSDEEP
  
  6144:nHXfJT/4DO/B52pRr3zmiTVVmVVV8VVNVVVcVVVxVVVPVVlVVVRVVVtVVWV60jVz:3fJj4DO/B52nZPV
Score

9^/10

discovery ransomware
- Renames multiple (2955) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware