3c8d6692a2d2ed3346db8e50b465947240bc60401fd5b46503fb2f28bcf71e9f | Triage

Sharing

General

Target

704c80bfbfc1c4be89e4fc6febf52fb0N.exe
Size

149KB
Sample

240820-zdwecswckp
MD5

704c80bfbfc1c4be89e4fc6febf52fb0
SHA1

96285b26499157ba9f9be339b67a3b3c852611d8
SHA256

3c8d6692a2d2ed3346db8e50b465947240bc60401fd5b46503fb2f28bcf71e9f
SHA512

fa006c9b313f3f5d30108f4d645ae569bb442eccec87bbc5c87562025a1b6998e9075b98fa13864a9df86e0992b1a0497e929719e2fd0251d88d5e52f5e20259
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvn7ZNLpApCZrt8PWGoPWGANdN+hEwHM:6NLWpCZIzjwHwfNLWpCZIzjwHw/

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  704c80bfbfc1c4be89e4fc6febf52fb0N.exe
- Size
  
  149KB
- MD5
  
  704c80bfbfc1c4be89e4fc6febf52fb0
- SHA1
  
  96285b26499157ba9f9be339b67a3b3c852611d8
- SHA256
  
  3c8d6692a2d2ed3346db8e50b465947240bc60401fd5b46503fb2f28bcf71e9f
- SHA512
  
  fa006c9b313f3f5d30108f4d645ae569bb442eccec87bbc5c87562025a1b6998e9075b98fa13864a9df86e0992b1a0497e929719e2fd0251d88d5e52f5e20259
- SSDEEP
  
  1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvn7ZNLpApCZrt8PWGoPWGANdN+hEwHM:6NLWpCZIzjwHwfNLWpCZIzjwHw/
Score

9^/10

discovery ransomware
- Renames multiple (3519) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware