7a5d5f20d725ec9feb4614faf326988efb4f7850a9d93720464cb26397b0bdd9 | Triage

Sharing

General

Target

7a5d5f20d725ec9feb4614faf326988efb4f7850a9d93720464cb26397b0bdd9
Size

91KB
Sample

241008-3vb9lathme
MD5

a9ee07dc19cd08505323f1c86e2b24f4
SHA1

0a551d43d8bae0b585efc90ceaa82c7fb124a091
SHA256

7a5d5f20d725ec9feb4614faf326988efb4f7850a9d93720464cb26397b0bdd9
SHA512

8c5197bb4e07dba9198932eb99a9871f6eb306ca448bac6dfb218a2bc8621130ad79047ac6dbd30234a075abf63140a2ebc7bd715e1bd3153c1f6977e0d86a6a
SSDEEP

768:W7Blp2sspARFbh5YePbTQbzjrY/+TQbzjrY/o7Blp2sspARFbh5YePbTQbzjrY/W:W7Z2sspAp5YePX7Z2sspAp5YePC

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  7a5d5f20d725ec9feb4614faf326988efb4f7850a9d93720464cb26397b0bdd9
- Size
  
  91KB
- MD5
  
  a9ee07dc19cd08505323f1c86e2b24f4
- SHA1
  
  0a551d43d8bae0b585efc90ceaa82c7fb124a091
- SHA256
  
  7a5d5f20d725ec9feb4614faf326988efb4f7850a9d93720464cb26397b0bdd9
- SHA512
  
  8c5197bb4e07dba9198932eb99a9871f6eb306ca448bac6dfb218a2bc8621130ad79047ac6dbd30234a075abf63140a2ebc7bd715e1bd3153c1f6977e0d86a6a
- SSDEEP
  
  768:W7Blp2sspARFbh5YePbTQbzjrY/+TQbzjrY/o7Blp2sspARFbh5YePbTQbzjrY/W:W7Z2sspAp5YePX7Z2sspAp5YePC
Score

9^/10

discovery ransomware
- Renames multiple (4872) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware