c546c5c6cc278d3e8c1d2a7883b1d4e98309c0ed960fb85667414811ecaffa2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc9043700e6b837e5d01c6a85c8d8290N.exe
Size

171KB
Sample

240819-ervprsxbpk
MD5

fc9043700e6b837e5d01c6a85c8d8290
SHA1

02a263392795f7f2bb5ab58a024da2578b7552a8
SHA256

c546c5c6cc278d3e8c1d2a7883b1d4e98309c0ed960fb85667414811ecaffa2f
SHA512

1aae2cb19974a111302c6e7586966960e5899875c2395bef19b13f36d2ae4425d620225f020793f2299d014da11679830512eaab2e29e3222ccb863b9672b087
SSDEEP

3072:62ssWpcU7lK1lKgkhr2ssWpcU7lK1lKgkhF:MVyU7lK1lKdVyU7lK1lKn

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  fc9043700e6b837e5d01c6a85c8d8290N.exe
- Size
  
  171KB
- MD5
  
  fc9043700e6b837e5d01c6a85c8d8290
- SHA1
  
  02a263392795f7f2bb5ab58a024da2578b7552a8
- SHA256
  
  c546c5c6cc278d3e8c1d2a7883b1d4e98309c0ed960fb85667414811ecaffa2f
- SHA512
  
  1aae2cb19974a111302c6e7586966960e5899875c2395bef19b13f36d2ae4425d620225f020793f2299d014da11679830512eaab2e29e3222ccb863b9672b087
- SSDEEP
  
  3072:62ssWpcU7lK1lKgkhr2ssWpcU7lK1lKgkhF:MVyU7lK1lKdVyU7lK1lKn
Score

9^/10

discovery ransomware
- Renames multiple (3452) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware