f1f2c18695fa0b05ec5cd1c3a9bc0b2295b08eb84026173a9b33c6038547af4b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f1f2c18695fa0b05ec5cd1c3a9bc0b2295b08eb84026173a9b33c6038547af4bN
Size

89KB
Sample

241003-qv8atasapf
MD5

f52317279439a245d76e6725eadd6a90
SHA1

6dedd37e2b1599eac9ace9d70a94b5a796f1268d
SHA256

f1f2c18695fa0b05ec5cd1c3a9bc0b2295b08eb84026173a9b33c6038547af4b
SHA512

1d32618737bba56c641afc474eaec13806a52b1bac266f21966416ebb8328367f60b654ed6de457fc0647b72ace31c202e2d662735b5d57659602f0c784e229e
SSDEEP

1536:W7ZppApBULcfpHLcfpyDcdyGdya37ZppApBULcfpHLcfpyDcdyGdyaN2X:6pWpBwchcwDA1pWpBwchcwDAA

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  f1f2c18695fa0b05ec5cd1c3a9bc0b2295b08eb84026173a9b33c6038547af4bN
- Size
  
  89KB
- MD5
  
  f52317279439a245d76e6725eadd6a90
- SHA1
  
  6dedd37e2b1599eac9ace9d70a94b5a796f1268d
- SHA256
  
  f1f2c18695fa0b05ec5cd1c3a9bc0b2295b08eb84026173a9b33c6038547af4b
- SHA512
  
  1d32618737bba56c641afc474eaec13806a52b1bac266f21966416ebb8328367f60b654ed6de457fc0647b72ace31c202e2d662735b5d57659602f0c784e229e
- SSDEEP
  
  1536:W7ZppApBULcfpHLcfpyDcdyGdya37ZppApBULcfpHLcfpyDcdyGdyaN2X:6pWpBwchcwDA1pWpBwchcwDAA
Score

9^/10

discovery ransomware
- Renames multiple (488) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware