56e4e0b17f758cb490f16e65bdb0a4939eee36427775019f945ac42b0040c58c | Triage

Sharing

General

Target

56e4e0b17f758cb490f16e65bdb0a4939eee36427775019f945ac42b0040c58cN
Size

98KB
Sample

240919-gctj9stdrk
MD5

743551676b210bf95c5928ee6782a7b0
SHA1

b5105a7493137976294749d909e3fb46d8bbc586
SHA256

56e4e0b17f758cb490f16e65bdb0a4939eee36427775019f945ac42b0040c58c
SHA512

c528989d852674233715a6debfb7f5d57b5b8548b1069c78968cf3715f7c19e153169b22ed5931e7eb7525b557f5954e498ca47661e2510b860a08e3951f80ea
SSDEEP

768:/7BlpQpARFbhNIcvBsgQw58eGkz2rcuesgQw58eGkz2rcuhBdMLBdMV7BlpQpAR8:/7ZQpApJkV7ZQpApJkDN

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  56e4e0b17f758cb490f16e65bdb0a4939eee36427775019f945ac42b0040c58cN
- Size
  
  98KB
- MD5
  
  743551676b210bf95c5928ee6782a7b0
- SHA1
  
  b5105a7493137976294749d909e3fb46d8bbc586
- SHA256
  
  56e4e0b17f758cb490f16e65bdb0a4939eee36427775019f945ac42b0040c58c
- SHA512
  
  c528989d852674233715a6debfb7f5d57b5b8548b1069c78968cf3715f7c19e153169b22ed5931e7eb7525b557f5954e498ca47661e2510b860a08e3951f80ea
- SSDEEP
  
  768:/7BlpQpARFbhNIcvBsgQw58eGkz2rcuesgQw58eGkz2rcuhBdMLBdMV7BlpQpAR8:/7ZQpApJkV7ZQpApJkDN
Score

9^/10

discovery ransomware
- Renames multiple (3737) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware