6065fdb31ed171d137e0a724035b4de46b90986079480b1f1073ac58d1c09e45 | Triage

Sharing

General

Target

8a5901a85f0fc79db816977d6ddf3400N.exe
Size

114KB
Sample

240820-g32zbs1dkl
MD5

8a5901a85f0fc79db816977d6ddf3400
SHA1

8a4ad8b888265affdae9ca9699491d8364c21463
SHA256

6065fdb31ed171d137e0a724035b4de46b90986079480b1f1073ac58d1c09e45
SHA512

64680b1c68833467f1fa0ef49691415a77d6d5260055ff0b3c441ba76da6eeb0811b0c89c670179852b61647ecba64a6215a5a3a00abc25eaad0004d7048a17a
SSDEEP

768:W7BlpppARFbhFAxC7ntkntV/Zt+7BlpppARFbhFAxC7ntkntV/ZtK:W7ZppApryHt+7ZppApryHtK

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  8a5901a85f0fc79db816977d6ddf3400N.exe
- Size
  
  114KB
- MD5
  
  8a5901a85f0fc79db816977d6ddf3400
- SHA1
  
  8a4ad8b888265affdae9ca9699491d8364c21463
- SHA256
  
  6065fdb31ed171d137e0a724035b4de46b90986079480b1f1073ac58d1c09e45
- SHA512
  
  64680b1c68833467f1fa0ef49691415a77d6d5260055ff0b3c441ba76da6eeb0811b0c89c670179852b61647ecba64a6215a5a3a00abc25eaad0004d7048a17a
- SSDEEP
  
  768:W7BlpppARFbhFAxC7ntkntV/Zt+7BlpppARFbhFAxC7ntkntV/ZtK:W7ZppApryHt+7ZppApryHtK
Score

9^/10

discovery ransomware
- Renames multiple (3921) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware