e9598832d28ba96c4fba7bae7adaf41d9a8825682d0ebce1d1cf669460432dc9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

65d363d170a32fd55cb8ae31f5acc540N.exe
Size

136KB
Sample

240821-byhr1axdkp
MD5

65d363d170a32fd55cb8ae31f5acc540
SHA1

4b59b89993001f0389bfa6e79a8c933c8bbdd4b1
SHA256

e9598832d28ba96c4fba7bae7adaf41d9a8825682d0ebce1d1cf669460432dc9
SHA512

99f2480e298cf79d8a1e0000d200f2f803bb98b1bee89a99a296a6dd484d23583f74033b63c3176b82c6f1b8bf63ac15ae1b5757b35270371e29d01c2fc74d2f
SSDEEP

3072:62ssWpcU7lK1lKgkh2ssWpcU7lK1lKgkb:MVyU7lK1lK5VyU7lK1lK7

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  65d363d170a32fd55cb8ae31f5acc540N.exe
- Size
  
  136KB
- MD5
  
  65d363d170a32fd55cb8ae31f5acc540
- SHA1
  
  4b59b89993001f0389bfa6e79a8c933c8bbdd4b1
- SHA256
  
  e9598832d28ba96c4fba7bae7adaf41d9a8825682d0ebce1d1cf669460432dc9
- SHA512
  
  99f2480e298cf79d8a1e0000d200f2f803bb98b1bee89a99a296a6dd484d23583f74033b63c3176b82c6f1b8bf63ac15ae1b5757b35270371e29d01c2fc74d2f
- SSDEEP
  
  3072:62ssWpcU7lK1lKgkh2ssWpcU7lK1lKgkb:MVyU7lK1lK5VyU7lK1lK7
Score

9^/10

discovery ransomware
- Renames multiple (3714) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware