bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0 | Triage

Sharing

General

Target

bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0
Size

86KB
Sample

240913-b6z19axejp
MD5

3e4e27c765cff58a375c2d89f6ba51dc
SHA1

34693ec211327080a177689c747c090aad6dcbfa
SHA256

bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0
SHA512

bda1941c5c8a147b7b51665be2271b02b68e6e74af22a9f2bce1eace3d0197f18c47750990c62237fdb663d39c2fbce95d6e9c7aec5a260c19f93488e5b712e1
SSDEEP

1536:W7ZhA7pApM21LOA1LOl6vSccyk27ZhA7pApM21LOA1LOl6vSccykwy:6e7WpMgLOiLO2SccGe7WpMgLOiLO2ScO

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0
- Size
  
  86KB
- MD5
  
  3e4e27c765cff58a375c2d89f6ba51dc
- SHA1
  
  34693ec211327080a177689c747c090aad6dcbfa
- SHA256
  
  bf140f636dedabdee1a4bac2e85b529bcbb44e7c57de7bd10261a949629f74a0
- SHA512
  
  bda1941c5c8a147b7b51665be2271b02b68e6e74af22a9f2bce1eace3d0197f18c47750990c62237fdb663d39c2fbce95d6e9c7aec5a260c19f93488e5b712e1
- SSDEEP
  
  1536:W7ZhA7pApM21LOA1LOl6vSccyk27ZhA7pApM21LOA1LOl6vSccykwy:6e7WpMgLOiLO2SccGe7WpMgLOiLO2ScO
Score

9^/10

discovery ransomware
- Renames multiple (4758) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware