cffa32dbc8a63d9fe26f9fc49e40e5ba2a8b3c41e572178e13daa6e4d3ba8d7e | Triage

Sharing

General

Target

0e2a474b2deb6c913d80b3defcf32670N.exe
Size

121KB
Sample

240905-pec93azhkp
MD5

0e2a474b2deb6c913d80b3defcf32670
SHA1

e80a228ef15706379f2ce190c846b27a1f564c2a
SHA256

cffa32dbc8a63d9fe26f9fc49e40e5ba2a8b3c41e572178e13daa6e4d3ba8d7e
SHA512

4ea8d80cc0d18341b16335c61889f2ba7c07256daad942faac032b22703836d17921efa7f5a7c471fc0e4a470260bfc3ec71888cc3f20e42f8b652c6aebbe256
SSDEEP

1536:W7ZhA7dAvGpG8nz4t4P7ZhA7dAvGpG8nz4t4imdG3mdGF:6e76up3n7e76up3nQ

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  0e2a474b2deb6c913d80b3defcf32670N.exe
- Size
  
  121KB
- MD5
  
  0e2a474b2deb6c913d80b3defcf32670
- SHA1
  
  e80a228ef15706379f2ce190c846b27a1f564c2a
- SHA256
  
  cffa32dbc8a63d9fe26f9fc49e40e5ba2a8b3c41e572178e13daa6e4d3ba8d7e
- SHA512
  
  4ea8d80cc0d18341b16335c61889f2ba7c07256daad942faac032b22703836d17921efa7f5a7c471fc0e4a470260bfc3ec71888cc3f20e42f8b652c6aebbe256
- SSDEEP
  
  1536:W7ZhA7dAvGpG8nz4t4P7ZhA7dAvGpG8nz4t4imdG3mdGF:6e76up3n7e76up3nQ
Score

9^/10

discovery ransomware
- Renames multiple (3861) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware