ce90b8d30537ef5ea0f735007f3bfc93c3d9de194cac4561f0cf2e25195a3db5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

50378a57f3ecc351d1a4c7b19f27bfa0N.exe
Size

200KB
Sample

240901-ntkr1szema
MD5

50378a57f3ecc351d1a4c7b19f27bfa0
SHA1

5a8f4b16a299ac4bae0e99dbc658192e953609cb
SHA256

ce90b8d30537ef5ea0f735007f3bfc93c3d9de194cac4561f0cf2e25195a3db5
SHA512

4d4286d56922e1690e0c0837add16a31144bbc785cf5dda9e04c211670b5d8a12f756abd1cd83804e599c0eba510737f9b4d2404c5f3a05d04dab703765ce712
SSDEEP

6144:RqKvb0CYJ973e+eKZOf7fhqKvb0CYJ973e+eKZOf7fr:vvbxYX7Z8vbxYX7Zk

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  50378a57f3ecc351d1a4c7b19f27bfa0N.exe
- Size
  
  200KB
- MD5
  
  50378a57f3ecc351d1a4c7b19f27bfa0
- SHA1
  
  5a8f4b16a299ac4bae0e99dbc658192e953609cb
- SHA256
  
  ce90b8d30537ef5ea0f735007f3bfc93c3d9de194cac4561f0cf2e25195a3db5
- SHA512
  
  4d4286d56922e1690e0c0837add16a31144bbc785cf5dda9e04c211670b5d8a12f756abd1cd83804e599c0eba510737f9b4d2404c5f3a05d04dab703765ce712
- SSDEEP
  
  6144:RqKvb0CYJ973e+eKZOf7fhqKvb0CYJ973e+eKZOf7fr:vvbxYX7Z8vbxYX7Zk
Score

9^/10

discovery ransomware
- Renames multiple (4185) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware