c7f2088057fa3122e999e80e06b593c9b2af56c821c4afe27d107afd3c23cba9 | Triage

Sharing

General

Target

c7f2088057fa3122e999e80e06b593c9b2af56c821c4afe27d107afd3c23cba9N
Size

96KB
Sample

240919-exwt1s1anc
MD5

4986a58fb36a0525abdf86b9429db090
SHA1

f1540d277179b3817b840e546cb21cd38d1ce498
SHA256

c7f2088057fa3122e999e80e06b593c9b2af56c821c4afe27d107afd3c23cba9
SHA512

579c27cf56ef0d20e2b752222be7dcb5a7f3a733496c2ca32d30e27822a66f25526d142edf36ada6bb4471644e88b205448bd3384d6a8b91ed11c9a03edc4c4e
SSDEEP

768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJsS17BlpppARFbhknrzzA8JQ2AdJCm:W7ZppApkFS17ZppApkFSv

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  c7f2088057fa3122e999e80e06b593c9b2af56c821c4afe27d107afd3c23cba9N
- Size
  
  96KB
- MD5
  
  4986a58fb36a0525abdf86b9429db090
- SHA1
  
  f1540d277179b3817b840e546cb21cd38d1ce498
- SHA256
  
  c7f2088057fa3122e999e80e06b593c9b2af56c821c4afe27d107afd3c23cba9
- SHA512
  
  579c27cf56ef0d20e2b752222be7dcb5a7f3a733496c2ca32d30e27822a66f25526d142edf36ada6bb4471644e88b205448bd3384d6a8b91ed11c9a03edc4c4e
- SSDEEP
  
  768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJsS17BlpppARFbhknrzzA8JQ2AdJCm:W7ZppApkFS17ZppApkFSv
Score

9^/10

discovery ransomware
- Renames multiple (344) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware