acdf30b08488f9361efc2e18f9f1323ec6c821056c68e3e9ac39594c38fa97dd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

acdf30b08488f9361efc2e18f9f1323ec6c821056c68e3e9ac39594c38fa97ddN
Size

91KB
Sample

240920-2amn6a1hkk
MD5

481824ef2da7549fcc60aa00a936e5c0
SHA1

19d1adeb4e49dae99c12a1043fc4e4f66c5d8a74
SHA256

acdf30b08488f9361efc2e18f9f1323ec6c821056c68e3e9ac39594c38fa97dd
SHA512

1ccca4be206a823fc6f80984c8fcfed11acf27ea43bf5c4cdea5b3a815ab043c31bf314518efc647a14ce3de1f4b8cdfa0f9bb42f7e7c4bca1758e5ef9295111
SSDEEP

768:/7BlpQpARFbhq1KtGFGxNCSNCk7BlpQpARFbhq1KtGFGxNCSNCi:/7ZQpApq1e7ZQpApq1g

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  acdf30b08488f9361efc2e18f9f1323ec6c821056c68e3e9ac39594c38fa97ddN
- Size
  
  91KB
- MD5
  
  481824ef2da7549fcc60aa00a936e5c0
- SHA1
  
  19d1adeb4e49dae99c12a1043fc4e4f66c5d8a74
- SHA256
  
  acdf30b08488f9361efc2e18f9f1323ec6c821056c68e3e9ac39594c38fa97dd
- SHA512
  
  1ccca4be206a823fc6f80984c8fcfed11acf27ea43bf5c4cdea5b3a815ab043c31bf314518efc647a14ce3de1f4b8cdfa0f9bb42f7e7c4bca1758e5ef9295111
- SSDEEP
  
  768:/7BlpQpARFbhq1KtGFGxNCSNCk7BlpQpARFbhq1KtGFGxNCSNCi:/7ZQpApq1e7ZQpApq1g
Score

9^/10

discovery ransomware
- Renames multiple (4821) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware