e2511dafd5b19a9dcc0dbed34ae4de98d0d569edd10683f5c212b886155e7fe6 | Triage

Sharing

General

Target

e2511dafd5b19a9dcc0dbed34ae4de98d0d569edd10683f5c212b886155e7fe6N
Size

86KB
Sample

240919-hss44swfqj
MD5

e028d1c4630e99cf933f6a2ea17e3eb0
SHA1

73e6fd8109ff165990f7b983d32d511b01f70e7d
SHA256

e2511dafd5b19a9dcc0dbed34ae4de98d0d569edd10683f5c212b886155e7fe6
SHA512

fefa37dde27a794b8692631137fb640c6101117236a32b93d627b68a9ce277d5f268b63c3981e9d1e72bd6aa6fd27a8acbb0ebcb2b7283016ef57bd68ece010f
SSDEEP

1536:W7ZhA7pApw03vR03vuhe7ZhA7pApw03vR03vuhJ:6e7WpwYRYJe7WpwYRYe

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  e2511dafd5b19a9dcc0dbed34ae4de98d0d569edd10683f5c212b886155e7fe6N
- Size
  
  86KB
- MD5
  
  e028d1c4630e99cf933f6a2ea17e3eb0
- SHA1
  
  73e6fd8109ff165990f7b983d32d511b01f70e7d
- SHA256
  
  e2511dafd5b19a9dcc0dbed34ae4de98d0d569edd10683f5c212b886155e7fe6
- SHA512
  
  fefa37dde27a794b8692631137fb640c6101117236a32b93d627b68a9ce277d5f268b63c3981e9d1e72bd6aa6fd27a8acbb0ebcb2b7283016ef57bd68ece010f
- SSDEEP
  
  1536:W7ZhA7pApw03vR03vuhe7ZhA7pApw03vR03vuhJ:6e7WpwYRYJe7WpwYRYe
Score

9^/10

discovery ransomware
- Renames multiple (4595) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware