71992de55476ace5beadffb11ba15f36c151b9b0d6e4a621cf791973fbc7d5f8 | Triage

Sharing

General

Target

71992de55476ace5beadffb11ba15f36c151b9b0d6e4a621cf791973fbc7d5f8N
Size

173KB
Sample

241006-g7j93svaqk
MD5

74941fb86aaedba4e00be920c5d8a9a0
SHA1

581f00e54c90038d1de05e61466316b659be8a2e
SHA256

71992de55476ace5beadffb11ba15f36c151b9b0d6e4a621cf791973fbc7d5f8
SHA512

cbde82dc79ede004c0858c2ce524516f8d4937eae049be86c1c8651f8638688d4b48f0d0f14f142f76c6de02c1ae4bf1ca2e8b0a65d4fd4eeb2a5e1a0b2af7d0
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJ5DVSWu0SWuhcc3+83+cQWpze+eJfFpsJOfFpsJ5DVSWz:Lpe+ewDVSWu0SWuhcA3Npe+ewDVSWu0/

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  71992de55476ace5beadffb11ba15f36c151b9b0d6e4a621cf791973fbc7d5f8N
- Size
  
  173KB
- MD5
  
  74941fb86aaedba4e00be920c5d8a9a0
- SHA1
  
  581f00e54c90038d1de05e61466316b659be8a2e
- SHA256
  
  71992de55476ace5beadffb11ba15f36c151b9b0d6e4a621cf791973fbc7d5f8
- SHA512
  
  cbde82dc79ede004c0858c2ce524516f8d4937eae049be86c1c8651f8638688d4b48f0d0f14f142f76c6de02c1ae4bf1ca2e8b0a65d4fd4eeb2a5e1a0b2af7d0
- SSDEEP
  
  3072:9QWpze+eJfFpsJOfFpsJ5DVSWu0SWuhcc3+83+cQWpze+eJfFpsJOfFpsJ5DVSWz:Lpe+ewDVSWu0SWuhcA3Npe+ewDVSWu0/
Score

9^/10

discovery ransomware
- Renames multiple (3954) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware