d2bbe699b44b98908b2d31518df9380ecdf3c1833cb47b5221abfe1d3635642e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a71d36d41f76e008767b9b119cfa8450N.exe
Size

197KB
Sample

240903-zatflawemq
MD5

a71d36d41f76e008767b9b119cfa8450
SHA1

e3b6b175da45e10d853d65e3d78739a6a5fe56b3
SHA256

d2bbe699b44b98908b2d31518df9380ecdf3c1833cb47b5221abfe1d3635642e
SHA512

430f2ab157626300c94c660a11d5b3a0256692b7471bddb0d0c1a2e84b3957ac820d667e7d260018f0e226ac0e0b79c66eb03c274a0e53277ff0b839cef1339f
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBD:PqFF2Ie+eFuqFF2Ie+eFr

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  a71d36d41f76e008767b9b119cfa8450N.exe
- Size
  
  197KB
- MD5
  
  a71d36d41f76e008767b9b119cfa8450
- SHA1
  
  e3b6b175da45e10d853d65e3d78739a6a5fe56b3
- SHA256
  
  d2bbe699b44b98908b2d31518df9380ecdf3c1833cb47b5221abfe1d3635642e
- SHA512
  
  430f2ab157626300c94c660a11d5b3a0256692b7471bddb0d0c1a2e84b3957ac820d667e7d260018f0e226ac0e0b79c66eb03c274a0e53277ff0b839cef1339f
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBD:PqFF2Ie+eFuqFF2Ie+eFr
Score

9^/10

discovery ransomware
- Renames multiple (3539) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware