138f1acca0743378c1c63159e82e3c51cde387d74f54049d0067b64feb703120 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

78f9ab9f65463c4c3bd1304f3c638480N
Size

112KB
Sample

240829-gz8ygaxdmc
MD5

78f9ab9f65463c4c3bd1304f3c638480
SHA1

79a4c7ad2706b9eb24a79e0cd671b56062382d58
SHA256

138f1acca0743378c1c63159e82e3c51cde387d74f54049d0067b64feb703120
SHA512

1c47aafc903b93ddb870cca5baeed2ffdc555229c89b53884863d18685d0e24e84b82e8159a5a5414d06edcc70cc05bc8914dc88bc427f3a255ae58a424b5e6b
SSDEEP

768:W7BlpppARFbhFAxC7ntkntV/fo4o77BlpppARFbhFAxC7ntkntV/fo4op:W7ZppApryyH77ZppApryyHp

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  78f9ab9f65463c4c3bd1304f3c638480N
- Size
  
  112KB
- MD5
  
  78f9ab9f65463c4c3bd1304f3c638480
- SHA1
  
  79a4c7ad2706b9eb24a79e0cd671b56062382d58
- SHA256
  
  138f1acca0743378c1c63159e82e3c51cde387d74f54049d0067b64feb703120
- SHA512
  
  1c47aafc903b93ddb870cca5baeed2ffdc555229c89b53884863d18685d0e24e84b82e8159a5a5414d06edcc70cc05bc8914dc88bc427f3a255ae58a424b5e6b
- SSDEEP
  
  768:W7BlpppARFbhFAxC7ntkntV/fo4o77BlpppARFbhFAxC7ntkntV/fo4op:W7ZppApryyH77ZppApryyHp
Score

9^/10

discovery ransomware
- Renames multiple (4263) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware