7101522d756f2dcbe1bbcbce787af759775005b0d95f390efc003588a52336d4 | Triage

Sharing

General

Target

6f1e04d541e5e397fb7fcc0369dc3700N.exe
Size

167KB
Sample

240817-twe77sxgnr
MD5

6f1e04d541e5e397fb7fcc0369dc3700
SHA1

c8aa0df69fc998345d955386f28decf4d02a2719
SHA256

7101522d756f2dcbe1bbcbce787af759775005b0d95f390efc003588a52336d4
SHA512

8ef14163dcd161a704f8c61f0b59547fb7a628ad26a16fe14cca19ec29f06f2b87863b8f51a964683f67459f8308f2619f01e148c94342c0ade0ec219d2fe9ee
SSDEEP

3072:6e7WpP9oVLQthbYY9oVLQthbUvRIWI9e7WpP9oVLQthbYY9oVLQthbUvRIWIw:RqAZIWIYqAZIWIw

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  6f1e04d541e5e397fb7fcc0369dc3700N.exe
- Size
  
  167KB
- MD5
  
  6f1e04d541e5e397fb7fcc0369dc3700
- SHA1
  
  c8aa0df69fc998345d955386f28decf4d02a2719
- SHA256
  
  7101522d756f2dcbe1bbcbce787af759775005b0d95f390efc003588a52336d4
- SHA512
  
  8ef14163dcd161a704f8c61f0b59547fb7a628ad26a16fe14cca19ec29f06f2b87863b8f51a964683f67459f8308f2619f01e148c94342c0ade0ec219d2fe9ee
- SSDEEP
  
  3072:6e7WpP9oVLQthbYY9oVLQthbUvRIWI9e7WpP9oVLQthbYY9oVLQthbUvRIWIw:RqAZIWIYqAZIWIw
Score

9^/10

discovery ransomware
- Renames multiple (3999) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware