a8dddbb758f556e67ea629cdec9271f771a17083956ffd8950ebaa2a4ba16131 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8dddbb758f556e67ea629cdec9271f771a17083956ffd8950ebaa2a4ba16131
Size

715KB
Sample

240912-awmshasapd
MD5

4aab602c0dccf55863cbb0101cb545c0
SHA1

5ba5948246c249926a9a404b48b9154434210b4f
SHA256

a8dddbb758f556e67ea629cdec9271f771a17083956ffd8950ebaa2a4ba16131
SHA512

f0200f819bdb19cbb17a29f62f3db4fa5403de8c3fedf928447033eb93135a92fb23153ddf4786034512e33a903b4f745f81816224ee449581914e297daa200a
SSDEEP

12288:DDtnMwHskY7gjcjhVIEhqgM7bWvcsi6aVs7IypwXK4Qzh+jMlWCEh/v:DDhMysZgjS1hqgSC/izIfpwiz0wy/v

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  a8dddbb758f556e67ea629cdec9271f771a17083956ffd8950ebaa2a4ba16131
- Size
  
  715KB
- MD5
  
  4aab602c0dccf55863cbb0101cb545c0
- SHA1
  
  5ba5948246c249926a9a404b48b9154434210b4f
- SHA256
  
  a8dddbb758f556e67ea629cdec9271f771a17083956ffd8950ebaa2a4ba16131
- SHA512
  
  f0200f819bdb19cbb17a29f62f3db4fa5403de8c3fedf928447033eb93135a92fb23153ddf4786034512e33a903b4f745f81816224ee449581914e297daa200a
- SSDEEP
  
  12288:DDtnMwHskY7gjcjhVIEhqgM7bWvcsi6aVs7IypwXK4Qzh+jMlWCEh/v:DDhMysZgjS1hqgSC/izIfpwiz0wy/v
Score

9^/10

discovery ransomware
- Renames multiple (3535) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware