0b808033d9a6c4b6158421572d77196d1df42ac03d3fb2e3dbb3762aac61a3eb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d16ef4d9c0bc72b2e49769915b1bbc70N.exe
Size

197KB
Sample

240905-njxzlazgrg
MD5

d16ef4d9c0bc72b2e49769915b1bbc70
SHA1

74d90d3ac297128f10c3f965c092294e7cefaead
SHA256

0b808033d9a6c4b6158421572d77196d1df42ac03d3fb2e3dbb3762aac61a3eb
SHA512

75f0cbdccced59af11f2883257d79a3753da0edc83c590e92868a89ad4112918ca13608b1791df2dd031ce532bef9fdca17cb547e735af100a4150fbbae9d1ba
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBs:PqFF2Ie+efsLkqFF2Ie+efsL2

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  d16ef4d9c0bc72b2e49769915b1bbc70N.exe
- Size
  
  197KB
- MD5
  
  d16ef4d9c0bc72b2e49769915b1bbc70
- SHA1
  
  74d90d3ac297128f10c3f965c092294e7cefaead
- SHA256
  
  0b808033d9a6c4b6158421572d77196d1df42ac03d3fb2e3dbb3762aac61a3eb
- SHA512
  
  75f0cbdccced59af11f2883257d79a3753da0edc83c590e92868a89ad4112918ca13608b1791df2dd031ce532bef9fdca17cb547e735af100a4150fbbae9d1ba
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBs:PqFF2Ie+efsLkqFF2Ie+efsL2
Score

9^/10

discovery ransomware
- Renames multiple (375) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware