861c018b0a3100c7b3bec167e05724bbbe82f89850b07e16bead59600c0a4d1a | Triage

Sharing

General

Target

bb468ed7e075fc62fcbee9253d237c00N.exe
Size

158KB
Sample

240902-q7et2a1gpp
MD5

bb468ed7e075fc62fcbee9253d237c00
SHA1

e7c9b5ad45469407d02727bb2bcfc63bd0a88b6c
SHA256

861c018b0a3100c7b3bec167e05724bbbe82f89850b07e16bead59600c0a4d1a
SHA512

e883ba906b6aa8511be6917a60f2f7cde99787f6f41a59bf82e61ec423bcb5d7a059c3095caf014d03969ae51207ac81367e70721e47bb3dc3fc77bc0471d09b
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJ5D8QWpze+eJfFpsJOfFpsJ5DR:Lpe+ewDspe+ewDR

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  bb468ed7e075fc62fcbee9253d237c00N.exe
- Size
  
  158KB
- MD5
  
  bb468ed7e075fc62fcbee9253d237c00
- SHA1
  
  e7c9b5ad45469407d02727bb2bcfc63bd0a88b6c
- SHA256
  
  861c018b0a3100c7b3bec167e05724bbbe82f89850b07e16bead59600c0a4d1a
- SHA512
  
  e883ba906b6aa8511be6917a60f2f7cde99787f6f41a59bf82e61ec423bcb5d7a059c3095caf014d03969ae51207ac81367e70721e47bb3dc3fc77bc0471d09b
- SSDEEP
  
  3072:9QWpze+eJfFpsJOfFpsJ5D8QWpze+eJfFpsJOfFpsJ5DR:Lpe+ewDspe+ewDR
Score

9^/10

discovery ransomware
- Renames multiple (3635) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware