4d2dda5ca67629b74ed5c76775f02661a800dbb73ce039f6cc6157bb1b6acf17 | Triage

Sharing

General

Target

4d2dda5ca67629b74ed5c76775f02661a800dbb73ce039f6cc6157bb1b6acf17N
Size

112KB
Sample

241012-nd143ascml
MD5

69bd4c3efc5038ed0fdbff364d486320
SHA1

55fbda11ce6ba1aa40a7e811e08ff1cb56f7b657
SHA256

4d2dda5ca67629b74ed5c76775f02661a800dbb73ce039f6cc6157bb1b6acf17
SHA512

8ad5c9de816f0cfe701b66eda096a9d65c5be13265214d25d7a3fc8ac6f61044e54302eb57a06b8baf21e7572df2f905d28ace67c0a43a08e3c56a91244b5f6f
SSDEEP

768:/7BlpQpARFbhvEXBwzEXBwLtAc7Fc7z7BlpQpARFbhvEXBwzEXBwLtAc7Fc7x:/7ZQpApHoz7ZQpApHox

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  4d2dda5ca67629b74ed5c76775f02661a800dbb73ce039f6cc6157bb1b6acf17N
- Size
  
  112KB
- MD5
  
  69bd4c3efc5038ed0fdbff364d486320
- SHA1
  
  55fbda11ce6ba1aa40a7e811e08ff1cb56f7b657
- SHA256
  
  4d2dda5ca67629b74ed5c76775f02661a800dbb73ce039f6cc6157bb1b6acf17
- SHA512
  
  8ad5c9de816f0cfe701b66eda096a9d65c5be13265214d25d7a3fc8ac6f61044e54302eb57a06b8baf21e7572df2f905d28ace67c0a43a08e3c56a91244b5f6f
- SSDEEP
  
  768:/7BlpQpARFbhvEXBwzEXBwLtAc7Fc7z7BlpQpARFbhvEXBwzEXBwLtAc7Fc7x:/7ZQpApHoz7ZQpApHox
Score

9^/10

discovery ransomware
- Renames multiple (4842) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware