fb1314c7fe969ff7fd1e1dec060071d33cb6b6707c3ec0fdf46a3b773d436534 | Triage

Sharing

General

Target

fb1314c7fe969ff7fd1e1dec060071d33cb6b6707c3ec0fdf46a3b773d436534
Size

196KB
Sample

240919-d87vzszarm
MD5

5559670df589a8fd5e209282923ed886
SHA1

712523d78820d189922b8bb963d26f9ce05aeb37
SHA256

fb1314c7fe969ff7fd1e1dec060071d33cb6b6707c3ec0fdf46a3b773d436534
SHA512

a1dcc16b09a7ce04f27977094d86a4a0bafde9c8c63922c199234f9da1e6353e6e1dffa87ad728541c61fe04c0993f4a8378e7ec67f232a7df36a01f08f9ee41
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBj:PqFF2Ie+efsLKqFF2Ie+efsL3

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  fb1314c7fe969ff7fd1e1dec060071d33cb6b6707c3ec0fdf46a3b773d436534
- Size
  
  196KB
- MD5
  
  5559670df589a8fd5e209282923ed886
- SHA1
  
  712523d78820d189922b8bb963d26f9ce05aeb37
- SHA256
  
  fb1314c7fe969ff7fd1e1dec060071d33cb6b6707c3ec0fdf46a3b773d436534
- SHA512
  
  a1dcc16b09a7ce04f27977094d86a4a0bafde9c8c63922c199234f9da1e6353e6e1dffa87ad728541c61fe04c0993f4a8378e7ec67f232a7df36a01f08f9ee41
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBj:PqFF2Ie+efsLKqFF2Ie+efsL3
Score

9^/10

discovery ransomware
- Renames multiple (3598) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware