c813a440e91bbfd5140fb4a7b9c047d8dcf8348b69ab3ea1cb9bc4b0eefb0aa6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c813a440e91bbfd5140fb4a7b9c047d8dcf8348b69ab3ea1cb9bc4b0eefb0aa6
Size

151KB
Sample

240825-f3zcrsyclr
MD5

906c173b2643f52ae93213b80150525f
SHA1

793843b5a12f90017ad1bc96d7681a3f706eee91
SHA256

c813a440e91bbfd5140fb4a7b9c047d8dcf8348b69ab3ea1cb9bc4b0eefb0aa6
SHA512

89c84810d340cbd1138ca61fcc69a7a0b6584f8decb3722ba974850e9e27495fdbd206e30ef581491b457676683dc88402013765718afc3c2530e0b124a969a2
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJ5DVSWu0SWu0QWpze+eJfFpsJOfFpsJ5DVSWu0SWut:Lpe+ewDVSWu0SWuEpe+ewDVSWu0SWut

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  c813a440e91bbfd5140fb4a7b9c047d8dcf8348b69ab3ea1cb9bc4b0eefb0aa6
- Size
  
  151KB
- MD5
  
  906c173b2643f52ae93213b80150525f
- SHA1
  
  793843b5a12f90017ad1bc96d7681a3f706eee91
- SHA256
  
  c813a440e91bbfd5140fb4a7b9c047d8dcf8348b69ab3ea1cb9bc4b0eefb0aa6
- SHA512
  
  89c84810d340cbd1138ca61fcc69a7a0b6584f8decb3722ba974850e9e27495fdbd206e30ef581491b457676683dc88402013765718afc3c2530e0b124a969a2
- SSDEEP
  
  3072:9QWpze+eJfFpsJOfFpsJ5DVSWu0SWu0QWpze+eJfFpsJOfFpsJ5DVSWu0SWut:Lpe+ewDVSWu0SWuEpe+ewDVSWu0SWut
Score

9^/10

discovery ransomware
- Renames multiple (4703) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware