d95e16208358c6b728af2e119d305951ff644242683c3f1996530fde405778ff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d95e16208358c6b728af2e119d305951ff644242683c3f1996530fde405778ffN
Size

171KB
Sample

241002-fvqewsyejq
MD5

a86f2e4f6e0b50a0e562439f962a8d10
SHA1

b074cfc1cf25a25af585432dc3f48c6a45e95658
SHA256

d95e16208358c6b728af2e119d305951ff644242683c3f1996530fde405778ff
SHA512

ecf43b60287e5ab9e82676dd9e00733b73c2c8312c64ebdaf918c092299b3dc22caee3103a77614c2a48a5668a8fc3e6cc9ce1d7e9f5321dd090e38127cf069c
SSDEEP

3072:6e76mQSohsUsUKDtEr4e76mQSohsUsUKDtEr9:RemQSohsUsoemQSohsUsI

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  d95e16208358c6b728af2e119d305951ff644242683c3f1996530fde405778ffN
- Size
  
  171KB
- MD5
  
  a86f2e4f6e0b50a0e562439f962a8d10
- SHA1
  
  b074cfc1cf25a25af585432dc3f48c6a45e95658
- SHA256
  
  d95e16208358c6b728af2e119d305951ff644242683c3f1996530fde405778ff
- SHA512
  
  ecf43b60287e5ab9e82676dd9e00733b73c2c8312c64ebdaf918c092299b3dc22caee3103a77614c2a48a5668a8fc3e6cc9ce1d7e9f5321dd090e38127cf069c
- SSDEEP
  
  3072:6e76mQSohsUsUKDtEr4e76mQSohsUsUKDtEr9:RemQSohsUsoemQSohsUsI
Score

9^/10

discovery ransomware
- Renames multiple (4077) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware