ae5324b817589c79f77d5f150794e72ab3bb2b76d850de9dde0834470e98c227 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

faff8406d1bd45e181586c68a0f00900N.exe
Size

203KB
Sample

240828-y8awgathqb
MD5

faff8406d1bd45e181586c68a0f00900
SHA1

17001eb75ea50588ba45d427ae930b2928a75063
SHA256

ae5324b817589c79f77d5f150794e72ab3bb2b76d850de9dde0834470e98c227
SHA512

d8909ab20450df19bb9d5f2a7f7e504b64f9255490dbb470312ca1e59cb5c5f4dd0c9d03f0cd6b591baf7fca47d206c0ce3378a0390672fc768c35b3719334bd
SSDEEP

3072:6DWpwE7oL2e+efZwZ08i8z3MLkDWpwE7oL2e+efZwZ08i8z3MLj:dN/e+efimJa3MLzN/e+efimJa3MLj

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  faff8406d1bd45e181586c68a0f00900N.exe
- Size
  
  203KB
- MD5
  
  faff8406d1bd45e181586c68a0f00900
- SHA1
  
  17001eb75ea50588ba45d427ae930b2928a75063
- SHA256
  
  ae5324b817589c79f77d5f150794e72ab3bb2b76d850de9dde0834470e98c227
- SHA512
  
  d8909ab20450df19bb9d5f2a7f7e504b64f9255490dbb470312ca1e59cb5c5f4dd0c9d03f0cd6b591baf7fca47d206c0ce3378a0390672fc768c35b3719334bd
- SSDEEP
  
  3072:6DWpwE7oL2e+efZwZ08i8z3MLkDWpwE7oL2e+efZwZ08i8z3MLj:dN/e+efimJa3MLzN/e+efimJa3MLj
Score

9^/10

discovery ransomware
- Renames multiple (3211) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware