06cbb9b9fed46ea63fc030f4a042713edc78736f3a2fc005cb9ed9fb46dfa139 | Triage

Sharing

General

Target

06cbb9b9fed46ea63fc030f4a042713edc78736f3a2fc005cb9ed9fb46dfa139N
Size

87KB
Sample

240920-1j13gazdkj
MD5

69b62b6a0eb15e994d2dc802ca7f3a80
SHA1

846944a25d5e0bcf5090193efd192b2280d86f05
SHA256

06cbb9b9fed46ea63fc030f4a042713edc78736f3a2fc005cb9ed9fb46dfa139
SHA512

9e30581287249702a9f5b3c12b3d0a2b4be6ff5d9fe3f9e138470303c8ed78a9573326e1f7a7c9e907bbafa9109ef267ec4b336458cfa0d17430a6b203eaa932
SSDEEP

1536:W7ZppApBULcfpHLcfp/ZeLP2A7ZppApBULcfpHLcfp/ZeLP2L:6pWpBwchc5ZehpWpBwchc5ZeW

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  06cbb9b9fed46ea63fc030f4a042713edc78736f3a2fc005cb9ed9fb46dfa139N
- Size
  
  87KB
- MD5
  
  69b62b6a0eb15e994d2dc802ca7f3a80
- SHA1
  
  846944a25d5e0bcf5090193efd192b2280d86f05
- SHA256
  
  06cbb9b9fed46ea63fc030f4a042713edc78736f3a2fc005cb9ed9fb46dfa139
- SHA512
  
  9e30581287249702a9f5b3c12b3d0a2b4be6ff5d9fe3f9e138470303c8ed78a9573326e1f7a7c9e907bbafa9109ef267ec4b336458cfa0d17430a6b203eaa932
- SSDEEP
  
  1536:W7ZppApBULcfpHLcfp/ZeLP2A7ZppApBULcfpHLcfp/ZeLP2L:6pWpBwchc5ZehpWpBwchc5ZeW
Score

9^/10

discovery ransomware
- Renames multiple (4852) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware