37d63e042471b0ea8804025c6b09e3e92d2c5d3568aaf43933bbc47b6f3dcc7b | Triage

Sharing

General

Target

9bfba4cb5876d4e926e5e772e0d5eed0N.exe
Size

197KB
Sample

240820-seckbasdmj
MD5

9bfba4cb5876d4e926e5e772e0d5eed0
SHA1

c6fdaf3b57e7b6404b95611062a27ebd75c7ffeb
SHA256

37d63e042471b0ea8804025c6b09e3e92d2c5d3568aaf43933bbc47b6f3dcc7b
SHA512

65a946067ba83fd746efd894fd8d052927e312e9670f89209475e95de33fb900e6dbfd7b7660470e9e93ac866e0d1f2eb4cc0808283685d2690ffb03e0d5bfa5
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB2:PqFF2Ie+efsLwqqFF2Ie+efsLwe

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  9bfba4cb5876d4e926e5e772e0d5eed0N.exe
- Size
  
  197KB
- MD5
  
  9bfba4cb5876d4e926e5e772e0d5eed0
- SHA1
  
  c6fdaf3b57e7b6404b95611062a27ebd75c7ffeb
- SHA256
  
  37d63e042471b0ea8804025c6b09e3e92d2c5d3568aaf43933bbc47b6f3dcc7b
- SHA512
  
  65a946067ba83fd746efd894fd8d052927e312e9670f89209475e95de33fb900e6dbfd7b7660470e9e93ac866e0d1f2eb4cc0808283685d2690ffb03e0d5bfa5
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB2:PqFF2Ie+efsLwqqFF2Ie+efsLwe
Score

9^/10

discovery ransomware
- Renames multiple (3244) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware