7a68573caa90dc370bda9e499a9a48e0ac23ec3f1e0dcadc6992cef1d3ee4aa9 | Triage

Sharing

General

Target

ddc1ac3a3a212a437471e0b5f125ea10N.exe
Size

176KB
Sample

240902-rqx5qascnr
MD5

ddc1ac3a3a212a437471e0b5f125ea10
SHA1

10e0c10e12556e753e67d5fa0651cadabd402209
SHA256

7a68573caa90dc370bda9e499a9a48e0ac23ec3f1e0dcadc6992cef1d3ee4aa9
SHA512

c6527e6b46938d91302666aafb81ba35740d1a418c37866e3b9ef1e1df739bf1ad6c23c2ec76b44ff0d569ebc624a78dcbac9bf62a66c46728f53f39cc873835
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBe:PqFF2Ie+eFWqFF2Ie+eFe

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  ddc1ac3a3a212a437471e0b5f125ea10N.exe
- Size
  
  176KB
- MD5
  
  ddc1ac3a3a212a437471e0b5f125ea10
- SHA1
  
  10e0c10e12556e753e67d5fa0651cadabd402209
- SHA256
  
  7a68573caa90dc370bda9e499a9a48e0ac23ec3f1e0dcadc6992cef1d3ee4aa9
- SHA512
  
  c6527e6b46938d91302666aafb81ba35740d1a418c37866e3b9ef1e1df739bf1ad6c23c2ec76b44ff0d569ebc624a78dcbac9bf62a66c46728f53f39cc873835
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBe:PqFF2Ie+eFWqFF2Ie+eFe
Score

9^/10

discovery ransomware
- Renames multiple (3970) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware