bbce2be56b34d4e3d530b630896a3e4fc4d0f3870c0e62acd5e3ba2a3cee8c53 | Triage

Sharing

General

Target

bbce2be56b34d4e3d530b630896a3e4fc4d0f3870c0e62acd5e3ba2a3cee8c53N
Size

82KB
Sample

240919-hpz39awepj
MD5

6688d3fe0495556ce250a2d8dbf6d480
SHA1

a6253f8e3e4d9f244b053648a30c76c3882c655c
SHA256

bbce2be56b34d4e3d530b630896a3e4fc4d0f3870c0e62acd5e3ba2a3cee8c53
SHA512

6332d8aeeaa5d885abe69a916fb6376f4ffd1c6c946ce1bea26cf9025fd632119e9207a12878a2ab58cca6b54a9fa874aa2dbff0a3cd5dd83c930c7c76c89ba0
SSDEEP

1536:W7ZhA7pApM21LOA1LOl6d7ZhA7pApM21LOA1LOl6hvC:6e7WpMgLOiLOUe7WpMgLOiLOb

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  bbce2be56b34d4e3d530b630896a3e4fc4d0f3870c0e62acd5e3ba2a3cee8c53N
- Size
  
  82KB
- MD5
  
  6688d3fe0495556ce250a2d8dbf6d480
- SHA1
  
  a6253f8e3e4d9f244b053648a30c76c3882c655c
- SHA256
  
  bbce2be56b34d4e3d530b630896a3e4fc4d0f3870c0e62acd5e3ba2a3cee8c53
- SHA512
  
  6332d8aeeaa5d885abe69a916fb6376f4ffd1c6c946ce1bea26cf9025fd632119e9207a12878a2ab58cca6b54a9fa874aa2dbff0a3cd5dd83c930c7c76c89ba0
- SSDEEP
  
  1536:W7ZhA7pApM21LOA1LOl6d7ZhA7pApM21LOA1LOl6hvC:6e7WpMgLOiLOUe7WpMgLOiLOb
Score

9^/10

discovery ransomware
- Renames multiple (4415) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware