3d08a4086b94ca1b934b36b0a23b384e6bc69ecfba60adb29d07385d89041ec0 | Triage

Sharing

General

Target

654902be4eebbaef76d9129ab8ae6c70N.exe
Size

83KB
Sample

240902-gfycmathrc
MD5

654902be4eebbaef76d9129ab8ae6c70
SHA1

a58d9044a2c642177aa35fafed4341ad503aa0d0
SHA256

3d08a4086b94ca1b934b36b0a23b384e6bc69ecfba60adb29d07385d89041ec0
SHA512

d9cc2a8fe2381bb20596b94c59e106fee48e877d84b0107acf2e31e1facd47b4dedc792deb023d00c460c909db8bc664f5c4a03a2962e0732bbe8a41dab0a3f4
SSDEEP

768:W7Blp2sspARFbh5YSfff9n1oXKCqzEIn1oXKCqzEK7Blp2sspARFbh5YSfff9n1k:W7Z2sspAp5YSfffN7Z2sspAp5YSfff8

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  654902be4eebbaef76d9129ab8ae6c70N.exe
- Size
  
  83KB
- MD5
  
  654902be4eebbaef76d9129ab8ae6c70
- SHA1
  
  a58d9044a2c642177aa35fafed4341ad503aa0d0
- SHA256
  
  3d08a4086b94ca1b934b36b0a23b384e6bc69ecfba60adb29d07385d89041ec0
- SHA512
  
  d9cc2a8fe2381bb20596b94c59e106fee48e877d84b0107acf2e31e1facd47b4dedc792deb023d00c460c909db8bc664f5c4a03a2962e0732bbe8a41dab0a3f4
- SSDEEP
  
  768:W7Blp2sspARFbh5YSfff9n1oXKCqzEIn1oXKCqzEK7Blp2sspARFbh5YSfff9n1k:W7Z2sspAp5YSfffN7Z2sspAp5YSfff8
Score

9^/10

discovery ransomware
- Renames multiple (4529) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware