b49de242375351123a802928e68a0576eb091bd7d24b984e819f82ed74ba4219 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e966c71539fd07ba373d7368ab7e7080N.exe
Size

99KB
Sample

240902-2ygstazbrq
MD5

e966c71539fd07ba373d7368ab7e7080
SHA1

9bc7adb279c25cdcfc7b056c1eb0c3c05f47eb38
SHA256

b49de242375351123a802928e68a0576eb091bd7d24b984e819f82ed74ba4219
SHA512

23a84a1af846269ec9afb41e10c163bced5fac53409707677401f60f5873888220c6e24f3bc3603ef37a277189260276f85ab816d93babc4546f732784b41239
SSDEEP

3072:6pWpBwchcwDBpWpBwchcwDIi/D5zf6ydyf+abMkF24kzK3jbrCkoRWNkzi/D5zfU:PKF

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  e966c71539fd07ba373d7368ab7e7080N.exe
- Size
  
  99KB
- MD5
  
  e966c71539fd07ba373d7368ab7e7080
- SHA1
  
  9bc7adb279c25cdcfc7b056c1eb0c3c05f47eb38
- SHA256
  
  b49de242375351123a802928e68a0576eb091bd7d24b984e819f82ed74ba4219
- SHA512
  
  23a84a1af846269ec9afb41e10c163bced5fac53409707677401f60f5873888220c6e24f3bc3603ef37a277189260276f85ab816d93babc4546f732784b41239
- SSDEEP
  
  3072:6pWpBwchcwDBpWpBwchcwDIi/D5zf6ydyf+abMkF24kzK3jbrCkoRWNkzi/D5zfU:PKF
Score

9^/10

discovery ransomware
- Renames multiple (4289) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware