918672b3c6b495c01f1b63bcfc3f55d426e45e1f69d6deb78e7a308c87b11faf | Triage

Sharing

General

Target

918672b3c6b495c01f1b63bcfc3f55d426e45e1f69d6deb78e7a308c87b11fafN
Size

94KB
Sample

240921-g7gtysyglm
MD5

48d56bf63494eb5b5b5663614876d790
SHA1

b5f1e836385e80e48a95346f5bce8264deabf235
SHA256

918672b3c6b495c01f1b63bcfc3f55d426e45e1f69d6deb78e7a308c87b11faf
SHA512

ee2d425e0a939f15789ce3d6e9e0cef7ca3fde2a59e3c6c061f70c766e8c5cf50784ffd655c119a20392c67ee0702ad890555a6cbf7198fb1376e067d717ea13
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyUA9o7BlpppARFbhHFoqAJwBqAJw1VyjVyf:W7ZppApyVyjVyJ9o7ZppApyVyjVyJ9f

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  918672b3c6b495c01f1b63bcfc3f55d426e45e1f69d6deb78e7a308c87b11fafN
- Size
  
  94KB
- MD5
  
  48d56bf63494eb5b5b5663614876d790
- SHA1
  
  b5f1e836385e80e48a95346f5bce8264deabf235
- SHA256
  
  918672b3c6b495c01f1b63bcfc3f55d426e45e1f69d6deb78e7a308c87b11faf
- SHA512
  
  ee2d425e0a939f15789ce3d6e9e0cef7ca3fde2a59e3c6c061f70c766e8c5cf50784ffd655c119a20392c67ee0702ad890555a6cbf7198fb1376e067d717ea13
- SSDEEP
  
  768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyUA9o7BlpppARFbhHFoqAJwBqAJw1VyjVyf:W7ZppApyVyjVyJ9o7ZppApyVyjVyJ9f
Score

9^/10

discovery ransomware
- Renames multiple (5117) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware