3ff6ad19e2c4863e42d2213dc6301085b160d6c4b6290112bb7146f4b81b431e | Triage

Sharing

General

Target

c0964fbbc0ec05ed5b5cfc4d14017790N.exe
Size

145KB
Sample

240820-cqek2ssfqp
MD5

c0964fbbc0ec05ed5b5cfc4d14017790
SHA1

4dab6c5980ce62a44af5fd8a498a128ed02549f9
SHA256

3ff6ad19e2c4863e42d2213dc6301085b160d6c4b6290112bb7146f4b81b431e
SHA512

d3cbbaf052209265ac29f81e4ff9dabe3d176a02c8d048baece27829ef9dfbe14af30f96d0dd25a1d0bb4cd0c2b0f78e0d554b36e869788e9fb8becf646ef1ff
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJ5DMQWpze+eJfFpsJOfFpsJ5DL:Lpe+ewDcpe+ewDL

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  c0964fbbc0ec05ed5b5cfc4d14017790N.exe
- Size
  
  145KB
- MD5
  
  c0964fbbc0ec05ed5b5cfc4d14017790
- SHA1
  
  4dab6c5980ce62a44af5fd8a498a128ed02549f9
- SHA256
  
  3ff6ad19e2c4863e42d2213dc6301085b160d6c4b6290112bb7146f4b81b431e
- SHA512
  
  d3cbbaf052209265ac29f81e4ff9dabe3d176a02c8d048baece27829ef9dfbe14af30f96d0dd25a1d0bb4cd0c2b0f78e0d554b36e869788e9fb8becf646ef1ff
- SSDEEP
  
  3072:9QWpze+eJfFpsJOfFpsJ5DMQWpze+eJfFpsJOfFpsJ5DL:Lpe+ewDcpe+ewDL
Score

9^/10

discovery ransomware
- Renames multiple (365) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware