47821a0f43b34a3d1c04c63e33cd680dc73a848753af1b35c3317c2f8a4c5035 | Triage

Sharing

General

Target

54f4bb4251f39b04fac27e567e943350N.exe
Size

93KB
Sample

240901-bwzmqsxbql
MD5

54f4bb4251f39b04fac27e567e943350
SHA1

4432f2ba026de0c3763473c75f7fbe600265134f
SHA256

47821a0f43b34a3d1c04c63e33cd680dc73a848753af1b35c3317c2f8a4c5035
SHA512

45843546043971bfe80d2dbe31d92a8cef9a8f91384b7b041d44704281b52fefa8453ba89dd48e8cef2c29347d8fa9fa99eee9e7f71df5b721e96766bc9dfc78
SSDEEP

768:W7BlpppARFbhbt7Y7wTCnBl7BlpppARFbhbt7Y7wTCnBFmdG3mdGc:W7ZppApo7ZppAp0mdG3mdGc

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  54f4bb4251f39b04fac27e567e943350N.exe
- Size
  
  93KB
- MD5
  
  54f4bb4251f39b04fac27e567e943350
- SHA1
  
  4432f2ba026de0c3763473c75f7fbe600265134f
- SHA256
  
  47821a0f43b34a3d1c04c63e33cd680dc73a848753af1b35c3317c2f8a4c5035
- SHA512
  
  45843546043971bfe80d2dbe31d92a8cef9a8f91384b7b041d44704281b52fefa8453ba89dd48e8cef2c29347d8fa9fa99eee9e7f71df5b721e96766bc9dfc78
- SSDEEP
  
  768:W7BlpppARFbhbt7Y7wTCnBl7BlpppARFbhbt7Y7wTCnBFmdG3mdGc:W7ZppApo7ZppAp0mdG3mdGc
Score

9^/10

discovery ransomware
- Renames multiple (3860) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware