5b40e3fc4bf2f9d2a2be6638fed001457dcce46f8ef0f25f75039c1cc6a0b349 | Triage

Sharing

General

Target

5b40e3fc4bf2f9d2a2be6638fed001457dcce46f8ef0f25f75039c1cc6a0b349N
Size

166KB
Sample

240921-ck246azfph
MD5

62b25a2eceee57a891ca602ce29155a0
SHA1

e5e1d651924b2432e7cedc8e3abea0fea34bdb42
SHA256

5b40e3fc4bf2f9d2a2be6638fed001457dcce46f8ef0f25f75039c1cc6a0b349
SHA512

8a439bac3fc5790387e75aa1a7760517913b6926831f83e9b54e38c9c525b537a9a9c447320cc204fc47ab9d4eeced3196264b12effc9cd8af8496b369f68175
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKggl7Z9pApQESOHepOHe8G+6E65dyD:69WpQE0zxgv9WpQE0zxgL

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  5b40e3fc4bf2f9d2a2be6638fed001457dcce46f8ef0f25f75039c1cc6a0b349N
- Size
  
  166KB
- MD5
  
  62b25a2eceee57a891ca602ce29155a0
- SHA1
  
  e5e1d651924b2432e7cedc8e3abea0fea34bdb42
- SHA256
  
  5b40e3fc4bf2f9d2a2be6638fed001457dcce46f8ef0f25f75039c1cc6a0b349
- SHA512
  
  8a439bac3fc5790387e75aa1a7760517913b6926831f83e9b54e38c9c525b537a9a9c447320cc204fc47ab9d4eeced3196264b12effc9cd8af8496b369f68175
- SSDEEP
  
  1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKggl7Z9pApQESOHepOHe8G+6E65dyD:69WpQE0zxgv9WpQE0zxgL
Score

9^/10

discovery ransomware
- Renames multiple (1040) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware