0594808e6a3e3aa8f1d99064d5e8b36de99ad849a9e7745ff4e75630fd58eacc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0594808e6a3e3aa8f1d99064d5e8b36de99ad849a9e7745ff4e75630fd58eacc
Size

150KB
Sample

240817-w51llszerd
MD5

16b47abf3ae2bd30cf72bbdaa2433d88
SHA1

53630fb0f903dbfc7289b52c2d6e90dd27c0135b
SHA256

0594808e6a3e3aa8f1d99064d5e8b36de99ad849a9e7745ff4e75630fd58eacc
SHA512

ed84ed7686526637459782d61fd8945caf6e715c5823162c3a18516f0014ca3d2321ff6c2699098a6f67b252c395ced45b982b105484b3bb1e5c23a9121bb784
SSDEEP

1536:W7ZhA7pApvOsOKM4HBhaGwOQ54xEIjlI7ZhA7pApvOsOKM4HBhaGwOQ54xEIjlz:6e7WpRaSljGe7WpRaSljx

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  0594808e6a3e3aa8f1d99064d5e8b36de99ad849a9e7745ff4e75630fd58eacc
- Size
  
  150KB
- MD5
  
  16b47abf3ae2bd30cf72bbdaa2433d88
- SHA1
  
  53630fb0f903dbfc7289b52c2d6e90dd27c0135b
- SHA256
  
  0594808e6a3e3aa8f1d99064d5e8b36de99ad849a9e7745ff4e75630fd58eacc
- SHA512
  
  ed84ed7686526637459782d61fd8945caf6e715c5823162c3a18516f0014ca3d2321ff6c2699098a6f67b252c395ced45b982b105484b3bb1e5c23a9121bb784
- SSDEEP
  
  1536:W7ZhA7pApvOsOKM4HBhaGwOQ54xEIjlI7ZhA7pApvOsOKM4HBhaGwOQ54xEIjlz:6e7WpRaSljGe7WpRaSljx
Score

9^/10

discovery ransomware
- Renames multiple (4727) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware