9a7f924a5e72a05895a4e15a0ce457c08b95bc6b14c3c8813e375e5e3197c93e | Triage

Sharing

General

Target

9a7f924a5e72a05895a4e15a0ce457c08b95bc6b14c3c8813e375e5e3197c93eN
Size

113KB
Sample

240919-gspagsvarp
MD5

31da54d80d9cd178ac04d16abd514d10
SHA1

0136f77a208d0b751484b0b5ce36437f69e2e884
SHA256

9a7f924a5e72a05895a4e15a0ce457c08b95bc6b14c3c8813e375e5e3197c93e
SHA512

5f56af9feb68ab6fe4a52bf15dbd7cf1c0373272232455a3deb7d2bcd296aba745daf76abc0656d3f24e7dad93ebcb2a4eab8ce9bb2edaa178b3144aedb272cf
SSDEEP

1536:W7ZhA7dABJJ7TTQoQNKx7ZhA7dABJJ7TTQoQNKh:6e76BoRNKbe76BoRNKh

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  9a7f924a5e72a05895a4e15a0ce457c08b95bc6b14c3c8813e375e5e3197c93eN
- Size
  
  113KB
- MD5
  
  31da54d80d9cd178ac04d16abd514d10
- SHA1
  
  0136f77a208d0b751484b0b5ce36437f69e2e884
- SHA256
  
  9a7f924a5e72a05895a4e15a0ce457c08b95bc6b14c3c8813e375e5e3197c93e
- SHA512
  
  5f56af9feb68ab6fe4a52bf15dbd7cf1c0373272232455a3deb7d2bcd296aba745daf76abc0656d3f24e7dad93ebcb2a4eab8ce9bb2edaa178b3144aedb272cf
- SSDEEP
  
  1536:W7ZhA7dABJJ7TTQoQNKx7ZhA7dABJJ7TTQoQNKh:6e76BoRNKbe76BoRNKh
Score

9^/10

discovery ransomware
- Renames multiple (4098) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware