75379b3a81847b0e907148fccdc0dbaff415192814165206a60ad82c64ac65da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

75379b3a81847b0e907148fccdc0dbaff415192814165206a60ad82c64ac65da
Size

4.3MB
Sample

241009-17wgwsvhqq
MD5

3b6932450b1aaf4423b02512c992b7c8
SHA1

2b232ffee7ea46aede547b7ae751c9685f6b9c46
SHA256

75379b3a81847b0e907148fccdc0dbaff415192814165206a60ad82c64ac65da
SHA512

5eed46df5a51cb7954dda0e497a69185afc5a2f5e6b3c90dfc1127bbe93a48780dd8d7311b76d6b3c5fff558a35336c2e925425e68f8fe1a10cfca3dde310be4
SSDEEP

24576:9jOaUdswAW+SIo0+CQK1pv/TtWHp9lF/YvuHIWIanPf2xOJilT5737s2FxvNEtXU:9NSIRWPYvNTNxvW9cPy9AuDzY

Score

9^/10

discovery persistence ransomware

Malware Config

Targets

- Target
  
  75379b3a81847b0e907148fccdc0dbaff415192814165206a60ad82c64ac65da
- Size
  
  4.3MB
- MD5
  
  3b6932450b1aaf4423b02512c992b7c8
- SHA1
  
  2b232ffee7ea46aede547b7ae751c9685f6b9c46
- SHA256
  
  75379b3a81847b0e907148fccdc0dbaff415192814165206a60ad82c64ac65da
- SHA512
  
  5eed46df5a51cb7954dda0e497a69185afc5a2f5e6b3c90dfc1127bbe93a48780dd8d7311b76d6b3c5fff558a35336c2e925425e68f8fe1a10cfca3dde310be4
- SSDEEP
  
  24576:9jOaUdswAW+SIo0+CQK1pv/TtWHp9lF/YvuHIWIanPf2xOJilT5737s2FxvNEtXU:9NSIRWPYvNTNxvW9cPy9AuDzY
Score

9^/10

discovery persistence ransomware
- Renames multiple (316) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistenceransomware