8b97a414d7310ea75ac5257cb6a1fe721e8b69631ea56a214ab977e241120916 | Triage

Sharing

General

Target

6b40ae7d6b44039404400fa9b3d9ef90N.exe
Size

102KB
Sample

240902-pkwnla1cla
MD5

6b40ae7d6b44039404400fa9b3d9ef90
SHA1

bb58f8937ef2cea8b9040ebab519ddab2ece91ec
SHA256

8b97a414d7310ea75ac5257cb6a1fe721e8b69631ea56a214ab977e241120916
SHA512

f955d6e6b6dacc21449d38c3b47f402303724a088aa03d3f5da2cc465da6d66e06593ef485443189f8b725d722303f0c40c70789dabe678eb8a7554e90281885
SSDEEP

1536:W7ZppApBULcfpHLcfpyD+4PN54PNN7ZppApBULcfpHLcfpyD+4PN54PN7:6pWpBwchcwD1WtpWpBwchcwD1Wl

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  6b40ae7d6b44039404400fa9b3d9ef90N.exe
- Size
  
  102KB
- MD5
  
  6b40ae7d6b44039404400fa9b3d9ef90
- SHA1
  
  bb58f8937ef2cea8b9040ebab519ddab2ece91ec
- SHA256
  
  8b97a414d7310ea75ac5257cb6a1fe721e8b69631ea56a214ab977e241120916
- SHA512
  
  f955d6e6b6dacc21449d38c3b47f402303724a088aa03d3f5da2cc465da6d66e06593ef485443189f8b725d722303f0c40c70789dabe678eb8a7554e90281885
- SSDEEP
  
  1536:W7ZppApBULcfpHLcfpyD+4PN54PNN7ZppApBULcfpHLcfpyD+4PN54PN7:6pWpBwchcwD1WtpWpBwchcwD1Wl
Score

9^/10

discovery ransomware
- Renames multiple (3728) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware