79f2fe30e19aa60199a59229e171e1f9028713d119613119dfef5f9b2b35b8d5 | Triage

Sharing

General

Target

79f2fe30e19aa60199a59229e171e1f9028713d119613119dfef5f9b2b35b8d5N
Size

146KB
Sample

240919-kjlpsazbpa
MD5

60f61ae7cc21892fb766ef1f792774e0
SHA1

1e7228545110195a83de2e944c54cec8aa5e2e30
SHA256

79f2fe30e19aa60199a59229e171e1f9028713d119613119dfef5f9b2b35b8d5
SHA512

20f38e55afad931c4a52cf89bb5a8d3fd8a9209dd45b81314fefe73c1d1f00fb0917a5f8927f1dac49ac4c6994126cd7ff939e5a2a7e5c001d87de54aa8cb8a5
SSDEEP

3072:62ssWpcU7lK1lKgkZ2ssWpcU7lK1lKgkG:MVyU7lK1lKxVyU7lK1lKm

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  79f2fe30e19aa60199a59229e171e1f9028713d119613119dfef5f9b2b35b8d5N
- Size
  
  146KB
- MD5
  
  60f61ae7cc21892fb766ef1f792774e0
- SHA1
  
  1e7228545110195a83de2e944c54cec8aa5e2e30
- SHA256
  
  79f2fe30e19aa60199a59229e171e1f9028713d119613119dfef5f9b2b35b8d5
- SHA512
  
  20f38e55afad931c4a52cf89bb5a8d3fd8a9209dd45b81314fefe73c1d1f00fb0917a5f8927f1dac49ac4c6994126cd7ff939e5a2a7e5c001d87de54aa8cb8a5
- SSDEEP
  
  3072:62ssWpcU7lK1lKgkZ2ssWpcU7lK1lKgkG:MVyU7lK1lKxVyU7lK1lKm
Score

9^/10

discovery ransomware
- Renames multiple (3918) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware