d5aa1c29f57fa170fdc8632752c4e1dd5a5b169f21cf76583da652a151ec8525 | Triage

Sharing

General

Target

d5aa1c29f57fa170fdc8632752c4e1dd5a5b169f21cf76583da652a151ec8525N
Size

102KB
Sample

240921-jzbzvascrc
MD5

b201afc2021adf471528031484ccf380
SHA1

3304a275b98a62cfe3c212b0d84dcb402ecea856
SHA256

d5aa1c29f57fa170fdc8632752c4e1dd5a5b169f21cf76583da652a151ec8525
SHA512

1fc07216217441a9a881a1f5a84668a5b3c16f2fe1a8e92531267e3a18fb719939de56c406855079c5adeaf76f60a99e0ca5b576eee861593801724c7f096564
SSDEEP

1536:W7Z+pAp2nKLQJytMJytvY27Z+pAp2nKLQJytMJytvYqhK:6+Wp2nmhR+Wp2nmhq

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  d5aa1c29f57fa170fdc8632752c4e1dd5a5b169f21cf76583da652a151ec8525N
- Size
  
  102KB
- MD5
  
  b201afc2021adf471528031484ccf380
- SHA1
  
  3304a275b98a62cfe3c212b0d84dcb402ecea856
- SHA256
  
  d5aa1c29f57fa170fdc8632752c4e1dd5a5b169f21cf76583da652a151ec8525
- SHA512
  
  1fc07216217441a9a881a1f5a84668a5b3c16f2fe1a8e92531267e3a18fb719939de56c406855079c5adeaf76f60a99e0ca5b576eee861593801724c7f096564
- SSDEEP
  
  1536:W7Z+pAp2nKLQJytMJytvY27Z+pAp2nKLQJytMJytvYqhK:6+Wp2nmhR+Wp2nmhq
Score

9^/10

discovery ransomware
- Renames multiple (4765) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware