f5f5816fc2d6066b47fd11d0b8e5013e6227b5fc564d33c5c5694c2f883a6fc9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5f5816fc2d6066b47fd11d0b8e5013e6227b5fc564d33c5c5694c2f883a6fc9N
Size

147KB
Sample

241013-rg93xsvfjq
MD5

8cf8df60a86e8967d35f2b20f3131a40
SHA1

34b7c8d20b4f27f08b246af03e3c8462cf319755
SHA256

f5f5816fc2d6066b47fd11d0b8e5013e6227b5fc564d33c5c5694c2f883a6fc9
SHA512

d79f4d016819da15af96971dfc19d75528b8a7fedaa084d17efbc0ea18a3b65d52a05acd78df8b75c83c17f06f9e4836247d4f83e2646b40bd46d0739aebb743
SSDEEP

3072:6pWpBwchcV2WxrLCpWpBwchcV2WxrLEFu:PM2aM2RFu

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  f5f5816fc2d6066b47fd11d0b8e5013e6227b5fc564d33c5c5694c2f883a6fc9N
- Size
  
  147KB
- MD5
  
  8cf8df60a86e8967d35f2b20f3131a40
- SHA1
  
  34b7c8d20b4f27f08b246af03e3c8462cf319755
- SHA256
  
  f5f5816fc2d6066b47fd11d0b8e5013e6227b5fc564d33c5c5694c2f883a6fc9
- SHA512
  
  d79f4d016819da15af96971dfc19d75528b8a7fedaa084d17efbc0ea18a3b65d52a05acd78df8b75c83c17f06f9e4836247d4f83e2646b40bd46d0739aebb743
- SSDEEP
  
  3072:6pWpBwchcV2WxrLCpWpBwchcV2WxrLEFu:PM2aM2RFu
Score

9^/10

discovery ransomware
- Renames multiple (4268) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware