9e538480b90e149ace0f0d87da2c4b9491c0498aab0317c519a1de8ed56efd63 | Triage

Sharing

General

Target

9e538480b90e149ace0f0d87da2c4b9491c0498aab0317c519a1de8ed56efd63N
Size

203KB
Sample

240919-hdvpdsvgmb
MD5

1035e8e2defdb6a96e2cc8b478cfc5c0
SHA1

679ed02f957a4f150a7caa27fdcd0432eaa44440
SHA256

9e538480b90e149ace0f0d87da2c4b9491c0498aab0317c519a1de8ed56efd63
SHA512

cde366cbfd3c0e821e9592f2958a70402ef9a9a176cf8b22846e27452ec016abe26a6998fdd5d9c7fd7b2fc499cc25be97ba82101715a0a2a1427a059913e368
SSDEEP

3072:6DWpwE7oL2e+efZwZ08i8cDWpwE7oL2e+efZwZ08i8w:dN/e+efimJsN/e+efimJN

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  9e538480b90e149ace0f0d87da2c4b9491c0498aab0317c519a1de8ed56efd63N
- Size
  
  203KB
- MD5
  
  1035e8e2defdb6a96e2cc8b478cfc5c0
- SHA1
  
  679ed02f957a4f150a7caa27fdcd0432eaa44440
- SHA256
  
  9e538480b90e149ace0f0d87da2c4b9491c0498aab0317c519a1de8ed56efd63
- SHA512
  
  cde366cbfd3c0e821e9592f2958a70402ef9a9a176cf8b22846e27452ec016abe26a6998fdd5d9c7fd7b2fc499cc25be97ba82101715a0a2a1427a059913e368
- SSDEEP
  
  3072:6DWpwE7oL2e+efZwZ08i8cDWpwE7oL2e+efZwZ08i8w:dN/e+efimJsN/e+efimJN
Score

9^/10

discovery ransomware
- Renames multiple (3013) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware