e2daeea3e6335d24a2587009f8ae1cb75ff2b4eeea03965796a30a78749e6cc9 | Triage

Sharing

General

Target

e2daeea3e6335d24a2587009f8ae1cb75ff2b4eeea03965796a30a78749e6cc9
Size

84KB
Sample

240817-g6c5da1gkb
MD5

be6661abe1eea6408565239fba25850d
SHA1

29fe7259f2c967c63c2c7478b40539eca30a60a0
SHA256

e2daeea3e6335d24a2587009f8ae1cb75ff2b4eeea03965796a30a78749e6cc9
SHA512

91e52b227c6e12e38e69c641e7d038fad4ff3affe236e2a4612888e703c3e7766e9516a355baa7b4351f4b322a0afb2984dbf953e98478b1e7aa51e3b29f1dc7
SSDEEP

768:W7Blp+pARFbhBgnKL+LK1KK1RAb7Blp+pARFbhBgnKL+LK1KK1RAxw2Yw2C:W7Z+pAp2nKLR7m7Z+pAp2nKLR7O

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  e2daeea3e6335d24a2587009f8ae1cb75ff2b4eeea03965796a30a78749e6cc9
- Size
  
  84KB
- MD5
  
  be6661abe1eea6408565239fba25850d
- SHA1
  
  29fe7259f2c967c63c2c7478b40539eca30a60a0
- SHA256
  
  e2daeea3e6335d24a2587009f8ae1cb75ff2b4eeea03965796a30a78749e6cc9
- SHA512
  
  91e52b227c6e12e38e69c641e7d038fad4ff3affe236e2a4612888e703c3e7766e9516a355baa7b4351f4b322a0afb2984dbf953e98478b1e7aa51e3b29f1dc7
- SSDEEP
  
  768:W7Blp+pARFbhBgnKL+LK1KK1RAb7Blp+pARFbhBgnKL+LK1KK1RAxw2Yw2C:W7Z+pAp2nKLR7m7Z+pAp2nKLR7O
Score

9^/10

discovery ransomware
- Renames multiple (4400) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware