bd4148d4e2c3723d207844817623139ce5bfeb99e07c62556d0e9fa74c52efae | Triage

Sharing

General

Target

bd4148d4e2c3723d207844817623139ce5bfeb99e07c62556d0e9fa74c52efae
Size

168KB
Sample

240818-ensq1axdmn
MD5

2c4fde7eb2b3c3e069ef5465b6eee7d1
SHA1

859e9208d28a6cb13375f4e5ebbcc2e8f79ce497
SHA256

bd4148d4e2c3723d207844817623139ce5bfeb99e07c62556d0e9fa74c52efae
SHA512

2d46b7fb3b79734ed2c04c17950a0b8ad86cba16bca74576f984978f198ace4eadaa09aebad621e56d8c21874f805c04762d3a561b0e073f4d1b0223befe930d
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBm:PqFF2Ie+eFoqFF2Ie+eFo

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  bd4148d4e2c3723d207844817623139ce5bfeb99e07c62556d0e9fa74c52efae
- Size
  
  168KB
- MD5
  
  2c4fde7eb2b3c3e069ef5465b6eee7d1
- SHA1
  
  859e9208d28a6cb13375f4e5ebbcc2e8f79ce497
- SHA256
  
  bd4148d4e2c3723d207844817623139ce5bfeb99e07c62556d0e9fa74c52efae
- SHA512
  
  2d46b7fb3b79734ed2c04c17950a0b8ad86cba16bca74576f984978f198ace4eadaa09aebad621e56d8c21874f805c04762d3a561b0e073f4d1b0223befe930d
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBm:PqFF2Ie+eFoqFF2Ie+eFo
Score

9^/10

discovery ransomware
- Renames multiple (4049) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware