f7a6b1208d40db0e85a7f3a3cc18004631b41be5c70c004e329d9dd07580dfb4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c32b8feebd4b35000853c630c8d4b660N.exe
Size

148KB
Sample

240820-z6aclaxfjn
MD5

c32b8feebd4b35000853c630c8d4b660
SHA1

e366af15ca4c3093e59ac81b8726e06c655162c6
SHA256

f7a6b1208d40db0e85a7f3a3cc18004631b41be5c70c004e329d9dd07580dfb4
SHA512

b6dab854a53c2acb84dd7617dbcca109890b0f7c81932b4d06d07460420d62c34a2c7a888c546afe331c8a978cb3d624cbda521258ec95ea3e7b5d38f2b262fd
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJ5DFQWpze+eJfFpsJOfFpsJ5DZgI0:Lpe+ewDzpe+ewDZgI0

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  c32b8feebd4b35000853c630c8d4b660N.exe
- Size
  
  148KB
- MD5
  
  c32b8feebd4b35000853c630c8d4b660
- SHA1
  
  e366af15ca4c3093e59ac81b8726e06c655162c6
- SHA256
  
  f7a6b1208d40db0e85a7f3a3cc18004631b41be5c70c004e329d9dd07580dfb4
- SHA512
  
  b6dab854a53c2acb84dd7617dbcca109890b0f7c81932b4d06d07460420d62c34a2c7a888c546afe331c8a978cb3d624cbda521258ec95ea3e7b5d38f2b262fd
- SSDEEP
  
  3072:9QWpze+eJfFpsJOfFpsJ5DFQWpze+eJfFpsJOfFpsJ5DZgI0:Lpe+ewDzpe+ewDZgI0
Score

9^/10

discovery ransomware
- Renames multiple (3814) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware