621508c70eb0da23308071c8d330e7cb56df31cea14370db2d8c519020a43f4f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

621508c70eb0da23308071c8d330e7cb56df31cea14370db2d8c519020a43f4fN
Size

130KB
Sample

241004-vyw46swfqn
MD5

26f8de304b306f4aa641d90921d06fe0
SHA1

5b0943f4397476463ccd29f73bf5c8b808f24f17
SHA256

621508c70eb0da23308071c8d330e7cb56df31cea14370db2d8c519020a43f4f
SHA512

d32af6c522f50006b01e64866e3c67fe2b2a097d10e5102aad4e5aa0bd235673ace47812a5ca8f1a151f3974e1a11f600c344c8289d3fb2c65fb7f77ac8ed8a4
SSDEEP

3072:6e7WpwYRYUtdtSsBc3wOe7WpwYRYUtdtSsBc3wI:Rq7agcsq7agcP

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  621508c70eb0da23308071c8d330e7cb56df31cea14370db2d8c519020a43f4fN
- Size
  
  130KB
- MD5
  
  26f8de304b306f4aa641d90921d06fe0
- SHA1
  
  5b0943f4397476463ccd29f73bf5c8b808f24f17
- SHA256
  
  621508c70eb0da23308071c8d330e7cb56df31cea14370db2d8c519020a43f4f
- SHA512
  
  d32af6c522f50006b01e64866e3c67fe2b2a097d10e5102aad4e5aa0bd235673ace47812a5ca8f1a151f3974e1a11f600c344c8289d3fb2c65fb7f77ac8ed8a4
- SSDEEP
  
  3072:6e7WpwYRYUtdtSsBc3wOe7WpwYRYUtdtSsBc3wI:Rq7agcsq7agcP
Score

9^/10

discovery ransomware
- Renames multiple (3837) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware