4516ccb0b8eab8918ebe09e9b8f49797c99aeef0e1d19b4ac57ab8e76bf6b610 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20e18d6566585466578d00dd3091adf0N.exe
Size

91KB
Sample

240818-22wfdashrq
MD5

20e18d6566585466578d00dd3091adf0
SHA1

311f83fd1438e4778a5919fe09c32069126c4da8
SHA256

4516ccb0b8eab8918ebe09e9b8f49797c99aeef0e1d19b4ac57ab8e76bf6b610
SHA512

77661bf2603075058684cdd822b517d8067ef8bc9d83d7d922a0a8a90e7fed56132e17601da0bd3cf13c978b9c6c17135c011a414c37624fbe9e8dc95bd94309
SSDEEP

1536:W7ZppApBULcfpHLcfpyDoAW7ZppApBULcfpHLcfpyDoAi:6pWpBwchcwDgpWpBwchcwDM

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  20e18d6566585466578d00dd3091adf0N.exe
- Size
  
  91KB
- MD5
  
  20e18d6566585466578d00dd3091adf0
- SHA1
  
  311f83fd1438e4778a5919fe09c32069126c4da8
- SHA256
  
  4516ccb0b8eab8918ebe09e9b8f49797c99aeef0e1d19b4ac57ab8e76bf6b610
- SHA512
  
  77661bf2603075058684cdd822b517d8067ef8bc9d83d7d922a0a8a90e7fed56132e17601da0bd3cf13c978b9c6c17135c011a414c37624fbe9e8dc95bd94309
- SSDEEP
  
  1536:W7ZppApBULcfpHLcfpyDoAW7ZppApBULcfpHLcfpyDoAi:6pWpBwchcwDgpWpBwchcwDM
Score

9^/10

discovery ransomware
- Renames multiple (4810) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware