bd1b60f2c1ba69b74145e9d1505a94a59e88b4ebe9038cd7874dbfd94c809a73 | Triage

Sharing

General

Target

bd1b60f2c1ba69b74145e9d1505a94a59e88b4ebe9038cd7874dbfd94c809a73
Size

102KB
Sample

240902-dsmj4szfmp
MD5

ce4701df5edbb73f64f6b581ff5eee8d
SHA1

a09a966e87a46f87df21ea667b0863ab031a568d
SHA256

bd1b60f2c1ba69b74145e9d1505a94a59e88b4ebe9038cd7874dbfd94c809a73
SHA512

30dcf75bfffae2034fa4cbccb535b4fe074d5a5224d18f18de726e3581d15b4e19f3a4f52caa8eecfece6dc289418ef7013b779b495740857bca3ab8ee63554d
SSDEEP

768:W7BlphA7dASbS7EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKe0:W7ZhA7dAIJtvXtve7ZhA7dAIJtvXtvB

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  bd1b60f2c1ba69b74145e9d1505a94a59e88b4ebe9038cd7874dbfd94c809a73
- Size
  
  102KB
- MD5
  
  ce4701df5edbb73f64f6b581ff5eee8d
- SHA1
  
  a09a966e87a46f87df21ea667b0863ab031a568d
- SHA256
  
  bd1b60f2c1ba69b74145e9d1505a94a59e88b4ebe9038cd7874dbfd94c809a73
- SHA512
  
  30dcf75bfffae2034fa4cbccb535b4fe074d5a5224d18f18de726e3581d15b4e19f3a4f52caa8eecfece6dc289418ef7013b779b495740857bca3ab8ee63554d
- SSDEEP
  
  768:W7BlphA7dASbS7EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKe0:W7ZhA7dAIJtvXtve7ZhA7dAIJtvXtvB
Score

9^/10

discovery ransomware
- Renames multiple (4993) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware