86254eaf68234ce6857b3ca8291214eb3885ff951af05890b67ad1a5ce46f993 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

86254eaf68234ce6857b3ca8291214eb3885ff951af05890b67ad1a5ce46f993
Size

96KB
Sample

241005-amltvayerh
MD5

a3f3225089c28f3b07d7946c39395fc3
SHA1

a02cf9996ba134d10653fa28d8ebe930f6cd089c
SHA256

86254eaf68234ce6857b3ca8291214eb3885ff951af05890b67ad1a5ce46f993
SHA512

b7a7f968f44add2f6c0e885d915d5454eb9cb561bb47c5540970bdd728a492fc6b633664d704f526f6f289bce2dd91e038b0b30f206b33a630123c9088d22242
SSDEEP

3072:6+Wp2naKIKNSarSak+Wp2naKIKNSarSaGj4:AonzSarSaeonzSarSaGj4

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  86254eaf68234ce6857b3ca8291214eb3885ff951af05890b67ad1a5ce46f993
- Size
  
  96KB
- MD5
  
  a3f3225089c28f3b07d7946c39395fc3
- SHA1
  
  a02cf9996ba134d10653fa28d8ebe930f6cd089c
- SHA256
  
  86254eaf68234ce6857b3ca8291214eb3885ff951af05890b67ad1a5ce46f993
- SHA512
  
  b7a7f968f44add2f6c0e885d915d5454eb9cb561bb47c5540970bdd728a492fc6b633664d704f526f6f289bce2dd91e038b0b30f206b33a630123c9088d22242
- SSDEEP
  
  3072:6+Wp2naKIKNSarSak+Wp2naKIKNSarSaGj4:AonzSarSaeonzSarSaGj4
Score

9^/10

discovery ransomware
- Renames multiple (4863) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware