49c7b3c926b74300d6a1eb3ff82c572e8b5fa4a2d4df9e9921f36a054c987523 | Triage

Sharing

General

Target

2c4005fdd71f6653586fa83ab3271d70N.exe
Size

2.1MB
Sample

240822-b38h8awbjp
MD5

2c4005fdd71f6653586fa83ab3271d70
SHA1

cbf59cd9854895b7b991c719688321e3354fa7cf
SHA256

49c7b3c926b74300d6a1eb3ff82c572e8b5fa4a2d4df9e9921f36a054c987523
SHA512

712d6509dc351fb282d7f6705e7adc8bf3998b198f33ca5be596bf5df526eeb6474eb0a011e8b1848bbbc82c4082526aa9b932b88a9b66a200e0cb2917605540
SSDEEP

49152:wzqDisnyJfeeFhcc0cc9zqDisnyJfeeXPcc0ccXTm/0hre9zqDisnyJfeeFhcc0+:yWwMWwh

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  2c4005fdd71f6653586fa83ab3271d70N.exe
- Size
  
  2.1MB
- MD5
  
  2c4005fdd71f6653586fa83ab3271d70
- SHA1
  
  cbf59cd9854895b7b991c719688321e3354fa7cf
- SHA256
  
  49c7b3c926b74300d6a1eb3ff82c572e8b5fa4a2d4df9e9921f36a054c987523
- SHA512
  
  712d6509dc351fb282d7f6705e7adc8bf3998b198f33ca5be596bf5df526eeb6474eb0a011e8b1848bbbc82c4082526aa9b932b88a9b66a200e0cb2917605540
- SSDEEP
  
  49152:wzqDisnyJfeeFhcc0cc9zqDisnyJfeeXPcc0ccXTm/0hre9zqDisnyJfeeFhcc0+:yWwMWwh
Score

9^/10

discovery ransomware
- Renames multiple (488) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware