5cad465c8eaa1e677a5913d6d2775bf99fb28ee8b9776f8c49802e18a789fa4b | Triage

Sharing

General

Target

649e26b99537883a5b99c92181815330N.exe
Size

166KB
Sample

240821-ta2t3sxdmg
MD5

649e26b99537883a5b99c92181815330
SHA1

03be866dd6beb0cb169133661f03ebd59b6740ee
SHA256

5cad465c8eaa1e677a5913d6d2775bf99fb28ee8b9776f8c49802e18a789fa4b
SHA512

99f258e48bcda5d61b8c0423b17cfd7be8fb0fe2f6f218b3fa28e9da8e0feadf2e80fb56ac5126645d5fc8ccc39773f625b027275abb7c179053c2f892a51346
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBK:PqFF2Ie+eF0qFF2Ie+eF0

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  649e26b99537883a5b99c92181815330N.exe
- Size
  
  166KB
- MD5
  
  649e26b99537883a5b99c92181815330
- SHA1
  
  03be866dd6beb0cb169133661f03ebd59b6740ee
- SHA256
  
  5cad465c8eaa1e677a5913d6d2775bf99fb28ee8b9776f8c49802e18a789fa4b
- SHA512
  
  99f258e48bcda5d61b8c0423b17cfd7be8fb0fe2f6f218b3fa28e9da8e0feadf2e80fb56ac5126645d5fc8ccc39773f625b027275abb7c179053c2f892a51346
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBK:PqFF2Ie+eF0qFF2Ie+eF0
Score

9^/10

discovery ransomware
- Renames multiple (3898) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware