e80c54d0eea42e83356d7d1472923f02d4832597a98bc01f2f5446732f900f36 | Triage

Sharing

General

Target

e80c54d0eea42e83356d7d1472923f02d4832597a98bc01f2f5446732f900f36N
Size

190KB
Sample

240919-gvd8asvbqm
MD5

e9ff27262df82289704357e953697340
SHA1

83f80850ec4b841e7ee214ee6e6c338f5bb39559
SHA256

e80c54d0eea42e83356d7d1472923f02d4832597a98bc01f2f5446732f900f36
SHA512

e3d9cbc56de3188cb8c4ad9e7d07f9f3c418e943e465ff12fd3f52bc27f62b09283f36827651c8ff5a4be5102a46edba804604161087f8bde1091cf69c6b42ef
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBO:PqFF2Ie+eFyqFF2Ie+eFC

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  e80c54d0eea42e83356d7d1472923f02d4832597a98bc01f2f5446732f900f36N
- Size
  
  190KB
- MD5
  
  e9ff27262df82289704357e953697340
- SHA1
  
  83f80850ec4b841e7ee214ee6e6c338f5bb39559
- SHA256
  
  e80c54d0eea42e83356d7d1472923f02d4832597a98bc01f2f5446732f900f36
- SHA512
  
  e3d9cbc56de3188cb8c4ad9e7d07f9f3c418e943e465ff12fd3f52bc27f62b09283f36827651c8ff5a4be5102a46edba804604161087f8bde1091cf69c6b42ef
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBO:PqFF2Ie+eFyqFF2Ie+eFC
Score

9^/10

discovery ransomware
- Renames multiple (3233) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware