b879a920612fcf9e7fdbeab5b91afc8b4a0a0792f7af46d09bcf2fe72adde6a3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b879a920612fcf9e7fdbeab5b91afc8b4a0a0792f7af46d09bcf2fe72adde6a3N
Size

174KB
Sample

240919-r9y65avajf
MD5

d044597d49f055b3222647bd970b49d0
SHA1

9976bfb736e7805807401b0604e17400314e243b
SHA256

b879a920612fcf9e7fdbeab5b91afc8b4a0a0792f7af46d09bcf2fe72adde6a3
SHA512

3a181a184096c35802c843390276588f778ecbbbaa7ed98f2001e0c5a28b0619475ff869be32f4a1c3c3ccc118da26bb390396e0b8c49601997cbd9fb5c100f7
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eBSWoe7WpMaxeb0CYJ97lEYNR73e+eBSWG:RqKvb0CYJ973e+eBSoqKvb0CYJ973e+H

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  b879a920612fcf9e7fdbeab5b91afc8b4a0a0792f7af46d09bcf2fe72adde6a3N
- Size
  
  174KB
- MD5
  
  d044597d49f055b3222647bd970b49d0
- SHA1
  
  9976bfb736e7805807401b0604e17400314e243b
- SHA256
  
  b879a920612fcf9e7fdbeab5b91afc8b4a0a0792f7af46d09bcf2fe72adde6a3
- SHA512
  
  3a181a184096c35802c843390276588f778ecbbbaa7ed98f2001e0c5a28b0619475ff869be32f4a1c3c3ccc118da26bb390396e0b8c49601997cbd9fb5c100f7
- SSDEEP
  
  3072:6e7WpMaxeb0CYJ97lEYNR73e+eBSWoe7WpMaxeb0CYJ97lEYNR73e+eBSWG:RqKvb0CYJ973e+eBSoqKvb0CYJ973e+H
Score

9^/10

discovery ransomware
- Renames multiple (3169) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware