General

  • Target

    44478636a919b7e4789f272a4a2d29d0N.exe

  • Size

    100KB

  • Sample

    240825-l7n1gs1amm

  • MD5

    44478636a919b7e4789f272a4a2d29d0

  • SHA1

    9a3674964e852ff1548f43d1c1fb75c3598c36a6

  • SHA256

    4e95bf705831fb8aaf241cb16506f0d2ba2ac7f37a2415d765182a0e0ec08cc3

  • SHA512

    44bbf11bfd10414d7d29370daad656176dfab5bae456dfee4f17b7a0d46df8e506683c2fc3504139f28b43bba6c2d0a0e7ce35ebd331b618e3f33ab0b69c3fa3

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q835MTWn1++PJHJXA/OsIZfzc3/Q835Kh4:KQSoxQSoa

Malware Config

Targets

    • Renames multiple (4688) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks