0ae98b387545f28972fcaca29e785c1eaaa88e006bbefb074b7afcc13587aa9f | Triage

Sharing

General

Target

c545377f3fd1e9c82f0071dc896e1500N.exe
Size

212KB
Sample

240821-q35jws1gmb
MD5

c545377f3fd1e9c82f0071dc896e1500
SHA1

72341c573261168d73a764295bf35c0524acb0ba
SHA256

0ae98b387545f28972fcaca29e785c1eaaa88e006bbefb074b7afcc13587aa9f
SHA512

327a59c1f61c5cc2ad81a6e8f888f38ec70d39eeb57a7a7a98da4ed87ece5aff47657446e4bcf09aeccf20c3f8833d02f9d4d5b30f747ae0f9114fc819624fc5
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBd:PqFF2Ie+effy1qFF2Ie+effyQ

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  c545377f3fd1e9c82f0071dc896e1500N.exe
- Size
  
  212KB
- MD5
  
  c545377f3fd1e9c82f0071dc896e1500
- SHA1
  
  72341c573261168d73a764295bf35c0524acb0ba
- SHA256
  
  0ae98b387545f28972fcaca29e785c1eaaa88e006bbefb074b7afcc13587aa9f
- SHA512
  
  327a59c1f61c5cc2ad81a6e8f888f38ec70d39eeb57a7a7a98da4ed87ece5aff47657446e4bcf09aeccf20c3f8833d02f9d4d5b30f747ae0f9114fc819624fc5
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBd:PqFF2Ie+effy1qFF2Ie+effyQ
Score

9^/10

discovery ransomware
- Renames multiple (3873) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware