c20817afa757ce2c26e1f643800b20bad2e9f0c5de9fc2628e89a7312e69591a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c20817afa757ce2c26e1f643800b20bad2e9f0c5de9fc2628e89a7312e69591aN
Size

79KB
Sample

240928-h8hy3swbrg
MD5

5e6df6131ae7824398ca59ad17b653a0
SHA1

700e80b2c8e868be03e7b350dd43f2bef7d8a5de
SHA256

c20817afa757ce2c26e1f643800b20bad2e9f0c5de9fc2628e89a7312e69591a
SHA512

4e715d4e6e315e1c73fad82f3c10337245075d5eb9d343fdc9b34da96d53ceb376a597aae16cd5648714e4346941ddb0d1f09d19cc4acc68ffc6add3276f3e35
SSDEEP

384:GBt7Br5xjL7lAgA71Fbhvt3avjZjTc7QUlac7QUlWBt7Br5xjL7lAgA71Fbhvt3H:W7Blp9pARFbhSjN7Blp9pARFbhSjQF

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  c20817afa757ce2c26e1f643800b20bad2e9f0c5de9fc2628e89a7312e69591aN
- Size
  
  79KB
- MD5
  
  5e6df6131ae7824398ca59ad17b653a0
- SHA1
  
  700e80b2c8e868be03e7b350dd43f2bef7d8a5de
- SHA256
  
  c20817afa757ce2c26e1f643800b20bad2e9f0c5de9fc2628e89a7312e69591a
- SHA512
  
  4e715d4e6e315e1c73fad82f3c10337245075d5eb9d343fdc9b34da96d53ceb376a597aae16cd5648714e4346941ddb0d1f09d19cc4acc68ffc6add3276f3e35
- SSDEEP
  
  384:GBt7Br5xjL7lAgA71Fbhvt3avjZjTc7QUlac7QUlWBt7Br5xjL7lAgA71Fbhvt3H:W7Blp9pARFbhSjN7Blp9pARFbhSjQF
Score

9^/10

discovery ransomware
- Renames multiple (4641) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware