32a17642257e8d9a13c32b18ed47691a904a6db3bac19d780ee7784d1972303a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32a17642257e8d9a13c32b18ed47691a904a6db3bac19d780ee7784d1972303a
Size

153KB
Sample

240825-zderlsvfmr
MD5

3b977593d9cab7175667121be871cb38
SHA1

88fcdf5310f9e0da49c1c39885f1b338b2fb48f0
SHA256

32a17642257e8d9a13c32b18ed47691a904a6db3bac19d780ee7784d1972303a
SHA512

0c8d0fe6f566b567ed0a4786c754669f68639a7c652fb0cb8482d728229e0e886ab453a7891f8881ad65431883386fecf9e2b9b9abea8b3b4a4fac7bc237cfe2
SSDEEP

1536:W7ZDpApYbVK4vx4PN54PN4OHepOHeZSF7H7ZDpApYbVK4vx4PN54PN4OHepOHeZD:6DWp7WbDWp7WDXtXc

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  32a17642257e8d9a13c32b18ed47691a904a6db3bac19d780ee7784d1972303a
- Size
  
  153KB
- MD5
  
  3b977593d9cab7175667121be871cb38
- SHA1
  
  88fcdf5310f9e0da49c1c39885f1b338b2fb48f0
- SHA256
  
  32a17642257e8d9a13c32b18ed47691a904a6db3bac19d780ee7784d1972303a
- SHA512
  
  0c8d0fe6f566b567ed0a4786c754669f68639a7c652fb0cb8482d728229e0e886ab453a7891f8881ad65431883386fecf9e2b9b9abea8b3b4a4fac7bc237cfe2
- SSDEEP
  
  1536:W7ZDpApYbVK4vx4PN54PN4OHepOHeZSF7H7ZDpApYbVK4vx4PN54PN4OHepOHeZD:6DWp7WbDWp7WDXtXc
Score

9^/10

discovery ransomware
- Renames multiple (4956) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware