337243123b1d1e2dd88c8121d0b0a09379aa8fea229a4613f989d48dc06f9e71 | Triage

Sharing

General

Target

0fbc0e2c515eb4b0942b2697f28e5020N.exe
Size

92KB
Sample

240817-vwfz6sxbrc
MD5

0fbc0e2c515eb4b0942b2697f28e5020
SHA1

0f92e9c23b1548c581cdc8e3eaf822c21590b76e
SHA256

337243123b1d1e2dd88c8121d0b0a09379aa8fea229a4613f989d48dc06f9e71
SHA512

6eaf91130a8ba6291e64d40530e1f6cae0841fd734a210ecc204cab0cb6da95c4c60465f2d263b83f4bb54870e7a3f05678d333cb80c64823b738985ad11c413
SSDEEP

768:W7BlpppARFbhbt7Y7eDDESENl7BlpppARFbhbt7Y7eDDESENI:W7ZppApnDDtol7ZppApnDDtoI

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  0fbc0e2c515eb4b0942b2697f28e5020N.exe
- Size
  
  92KB
- MD5
  
  0fbc0e2c515eb4b0942b2697f28e5020
- SHA1
  
  0f92e9c23b1548c581cdc8e3eaf822c21590b76e
- SHA256
  
  337243123b1d1e2dd88c8121d0b0a09379aa8fea229a4613f989d48dc06f9e71
- SHA512
  
  6eaf91130a8ba6291e64d40530e1f6cae0841fd734a210ecc204cab0cb6da95c4c60465f2d263b83f4bb54870e7a3f05678d333cb80c64823b738985ad11c413
- SSDEEP
  
  768:W7BlpppARFbhbt7Y7eDDESENl7BlpppARFbhbt7Y7eDDESENI:W7ZppApnDDtol7ZppApnDDtoI
Score

9^/10

discovery ransomware
- Renames multiple (4543) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware