6dec307953243ac4218ac5bb70fdec783cc40be380254a1402d31e21c14704fd | Triage

Sharing

General

Target

ransom.exe
Size

3.1MB
Sample

240819-17ejdaserq
MD5

7b165424e046c129ed68d167aabaee01
SHA1

0cde2e763fb1e21ea738b3255007ea6dff32f19f
SHA256

6dec307953243ac4218ac5bb70fdec783cc40be380254a1402d31e21c14704fd
SHA512

f0020dbfce6e441f0854b89007c646495ef288b84e3658efa330571cd9aa2a484cb6fb22e776156176a6e8e4fc1b41f1f7271deed33f992723ca38aacca474d7
SSDEEP

49152:suwlfTeFiqtUaqTsuYYq1ibpA4f5uw41doGWo4:QeZndio

Score

6^/10

defense_evasion execution

Malware Config

Targets

- Target
  
  ransom.exe
- Size
  
  3.1MB
- MD5
  
  7b165424e046c129ed68d167aabaee01
- SHA1
  
  0cde2e763fb1e21ea738b3255007ea6dff32f19f
- SHA256
  
  6dec307953243ac4218ac5bb70fdec783cc40be380254a1402d31e21c14704fd
- SHA512
  
  f0020dbfce6e441f0854b89007c646495ef288b84e3658efa330571cd9aa2a484cb6fb22e776156176a6e8e4fc1b41f1f7271deed33f992723ca38aacca474d7
- SSDEEP
  
  49152:suwlfTeFiqtUaqTsuYYq1ibpA4f5uw41doGWo4:QeZndio
Score

6^/10

defense_evasion execution
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasionexecution