d66b9574bf0a7755fa4d994b27372bbed4154256a5fda2f1a44bcbf9d7f916e5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56f2989c15dc0e2c847dc8e3de561490N.exe
Size

134KB
Sample

240821-gklvdswfjq
MD5

56f2989c15dc0e2c847dc8e3de561490
SHA1

b904dd4a876fcf1eb6a3f74452612bd3f0561f19
SHA256

d66b9574bf0a7755fa4d994b27372bbed4154256a5fda2f1a44bcbf9d7f916e5
SHA512

3daca36443a5ba1429cf54349e2cbb1bd4bae40684d1e1d0e368706941c03796ecd0afa05ccb91b61b028477055317f5c894c914784e7300a90c9589dfe64e3b
SSDEEP

3072:62ssWpcU7lK1lKgkEm2ssWpcU7lK1lKgkE0:MVyU7lK1lKkAVyU7lK1lKk0

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  56f2989c15dc0e2c847dc8e3de561490N.exe
- Size
  
  134KB
- MD5
  
  56f2989c15dc0e2c847dc8e3de561490
- SHA1
  
  b904dd4a876fcf1eb6a3f74452612bd3f0561f19
- SHA256
  
  d66b9574bf0a7755fa4d994b27372bbed4154256a5fda2f1a44bcbf9d7f916e5
- SHA512
  
  3daca36443a5ba1429cf54349e2cbb1bd4bae40684d1e1d0e368706941c03796ecd0afa05ccb91b61b028477055317f5c894c914784e7300a90c9589dfe64e3b
- SSDEEP
  
  3072:62ssWpcU7lK1lKgkEm2ssWpcU7lK1lKgkE0:MVyU7lK1lKkAVyU7lK1lKk0
Score

9^/10

discovery ransomware
- Renames multiple (333) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware