ed675c23ce1185ffda0290dfdecd3f5e2a13041b9277d518a3350716b5761a89 | Triage

Sharing

General

Target

ed675c23ce1185ffda0290dfdecd3f5e2a13041b9277d518a3350716b5761a89N
Size

99KB
Sample

240918-kz1tmstbnr
MD5

b1e191aa4fbbdd9d423e7ba060925da0
SHA1

895de568139de7a63acd7deb39ae5f1bf3c96ea7
SHA256

ed675c23ce1185ffda0290dfdecd3f5e2a13041b9277d518a3350716b5761a89
SHA512

75b49490d41f099f55692d65880f2147b68ccaade8ec52708e4fb790936c03c55fc8e78af2c11ffbabd214cbc2ceab7527859a087f0edd237ae755e67f7c28df
SSDEEP

1536:W7ZhA7dABJJZENTNy3t7ZhA7dABJJZENTNy35:6e76BtEu3e76BtEu5

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  ed675c23ce1185ffda0290dfdecd3f5e2a13041b9277d518a3350716b5761a89N
- Size
  
  99KB
- MD5
  
  b1e191aa4fbbdd9d423e7ba060925da0
- SHA1
  
  895de568139de7a63acd7deb39ae5f1bf3c96ea7
- SHA256
  
  ed675c23ce1185ffda0290dfdecd3f5e2a13041b9277d518a3350716b5761a89
- SHA512
  
  75b49490d41f099f55692d65880f2147b68ccaade8ec52708e4fb790936c03c55fc8e78af2c11ffbabd214cbc2ceab7527859a087f0edd237ae755e67f7c28df
- SSDEEP
  
  1536:W7ZhA7dABJJZENTNy3t7ZhA7dABJJZENTNy35:6e76BtEu3e76BtEu5
Score

9^/10

discovery ransomware
- Renames multiple (4847) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware