149c26a94c553619e6b622ff40a8fc98e2ee5d61cf4ac29c1808b1418e442937 | Triage

Sharing

General

Target

149c26a94c553619e6b622ff40a8fc98e2ee5d61cf4ac29c1808b1418e442937
Size

103KB
Sample

240817-xvj2js1hne
MD5

83831506057dedd8a53502e6223158a2
SHA1

5335544e99ef7387d3b4dbfbc041c412d10fdde9
SHA256

149c26a94c553619e6b622ff40a8fc98e2ee5d61cf4ac29c1808b1418e442937
SHA512

91dd83c1bc48d284a20175b3463b770f218447fe2fb6294b35c894ed4d62eb1ba138068ef0cc5559d6df2f3852a1d9bface81cb1c63c57277517b68ea3a712df
SSDEEP

768:W7BlpppARFbhbt7Y7wTCg0hcM0hcnj/7BlpppARFbhbt7Y7wTCg0hcM0hcnjM:W7ZppApN0hcM0hcj7ZppApN0hcM0hcI

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  149c26a94c553619e6b622ff40a8fc98e2ee5d61cf4ac29c1808b1418e442937
- Size
  
  103KB
- MD5
  
  83831506057dedd8a53502e6223158a2
- SHA1
  
  5335544e99ef7387d3b4dbfbc041c412d10fdde9
- SHA256
  
  149c26a94c553619e6b622ff40a8fc98e2ee5d61cf4ac29c1808b1418e442937
- SHA512
  
  91dd83c1bc48d284a20175b3463b770f218447fe2fb6294b35c894ed4d62eb1ba138068ef0cc5559d6df2f3852a1d9bface81cb1c63c57277517b68ea3a712df
- SSDEEP
  
  768:W7BlpppARFbhbt7Y7wTCg0hcM0hcnj/7BlpppARFbhbt7Y7wTCg0hcM0hcnjM:W7ZppApN0hcM0hcj7ZppApN0hcM0hcI
Score

9^/10

discovery ransomware
- Renames multiple (1332) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware