16dd36b7e9efb2c59c7a0d9544c9c72d7db7098f0c29199f4929a2893dae22b5 | Triage

Sharing

General

Target

d58913eea156c869c123f3ebc4007ae0N.exe
Size

199KB
Sample

240820-eghx8awdjr
MD5

d58913eea156c869c123f3ebc4007ae0
SHA1

5129957157ce36fbaa3608059d36144765f7285f
SHA256

16dd36b7e9efb2c59c7a0d9544c9c72d7db7098f0c29199f4929a2893dae22b5
SHA512

d466c9dad325f76b47dd777524361a975a2853a9cc48683a649494845510afa37e0657a0df4d33e58cc1fdf8d1f7e836336267a77247fca6bb5979f5241e1293
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBV:PqFF2Ie+efsLDqFF2Ie+efsLu

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  d58913eea156c869c123f3ebc4007ae0N.exe
- Size
  
  199KB
- MD5
  
  d58913eea156c869c123f3ebc4007ae0
- SHA1
  
  5129957157ce36fbaa3608059d36144765f7285f
- SHA256
  
  16dd36b7e9efb2c59c7a0d9544c9c72d7db7098f0c29199f4929a2893dae22b5
- SHA512
  
  d466c9dad325f76b47dd777524361a975a2853a9cc48683a649494845510afa37e0657a0df4d33e58cc1fdf8d1f7e836336267a77247fca6bb5979f5241e1293
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBV:PqFF2Ie+efsLDqFF2Ie+efsLu
Score

9^/10

discovery ransomware
- Renames multiple (3655) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware