36db2cf4581a5246f83127c8db30cbaec22e0f5eaa6433bd1139d7a4d6a88833 | Triage

Sharing

General

Target

1d741398b525a32e71f9d71783553f20N
Size

91KB
Sample

240914-w3l1fayfjh
MD5

1d741398b525a32e71f9d71783553f20
SHA1

e4ed39545161f260ee7759dd71caee150accd7b9
SHA256

36db2cf4581a5246f83127c8db30cbaec22e0f5eaa6433bd1139d7a4d6a88833
SHA512

1d30c1290ea0bc2ae5813c00915fde8f6493cdc6578fbada24706906b8bf6f709ede5145e8eab1bbbadc82b72445a9343f2b4484c5c518e0e458a402da66dbcd
SSDEEP

1536:W7ZppApBULcfpHLcfpyDoAT7ZppApBULcfpHLcfpyDoA86p:6pWpBwchcwDzpWpBwchcwDb

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  1d741398b525a32e71f9d71783553f20N
- Size
  
  91KB
- MD5
  
  1d741398b525a32e71f9d71783553f20
- SHA1
  
  e4ed39545161f260ee7759dd71caee150accd7b9
- SHA256
  
  36db2cf4581a5246f83127c8db30cbaec22e0f5eaa6433bd1139d7a4d6a88833
- SHA512
  
  1d30c1290ea0bc2ae5813c00915fde8f6493cdc6578fbada24706906b8bf6f709ede5145e8eab1bbbadc82b72445a9343f2b4484c5c518e0e458a402da66dbcd
- SSDEEP
  
  1536:W7ZppApBULcfpHLcfpyDoAT7ZppApBULcfpHLcfpyDoA86p:6pWpBwchcwDzpWpBwchcwDb
Score

9^/10

discovery ransomware
- Renames multiple (4068) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware