9ae41787d772f78ada6a9d86ef4047a06f37cfd1c64756d77086289fe1912f2d | Triage

Sharing

General

Target

9ae41787d772f78ada6a9d86ef4047a06f37cfd1c64756d77086289fe1912f2dN
Size

155KB
Sample

240919-gfs3xatcpb
MD5

c98f1db95e3114a9a81371e2d8377e90
SHA1

80c378fcc3abf00acd77c03b2d9914748b0415f4
SHA256

9ae41787d772f78ada6a9d86ef4047a06f37cfd1c64756d77086289fe1912f2d
SHA512

99781e604f81bfb38e8ce5a01e2eb298f0d602007ecff5ddc9490f6a5df7cb677c3929ca2496f571f11bab41b76e6477343b30ec235d129e7f1fa4dbb0cabdfd
SSDEEP

1536:W7ZhA7pApMNcH6gW4Wvs9s2cic8GhGvnpNn6t7ZhA7pApMNcH6gW4Wvs9s2cic84:6e7WpMNcK9vG1W3e7WpMNcK9vG1WV

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  9ae41787d772f78ada6a9d86ef4047a06f37cfd1c64756d77086289fe1912f2dN
- Size
  
  155KB
- MD5
  
  c98f1db95e3114a9a81371e2d8377e90
- SHA1
  
  80c378fcc3abf00acd77c03b2d9914748b0415f4
- SHA256
  
  9ae41787d772f78ada6a9d86ef4047a06f37cfd1c64756d77086289fe1912f2d
- SHA512
  
  99781e604f81bfb38e8ce5a01e2eb298f0d602007ecff5ddc9490f6a5df7cb677c3929ca2496f571f11bab41b76e6477343b30ec235d129e7f1fa4dbb0cabdfd
- SSDEEP
  
  1536:W7ZhA7pApMNcH6gW4Wvs9s2cic8GhGvnpNn6t7ZhA7pApMNcH6gW4Wvs9s2cic84:6e7WpMNcK9vG1W3e7WpMNcK9vG1WV
Score

9^/10

discovery ransomware
- Renames multiple (3724) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware