af56fcaa50138d5ba49aa67ea04341bf2fdee69cafd7637e8db2b1ce77f964a8 | Triage

Sharing

General

Target

af56fcaa50138d5ba49aa67ea04341bf2fdee69cafd7637e8db2b1ce77f964a8N
Size

91KB
Sample

241014-xncc5avdmr
MD5

9d64b5e4a3f25610a72e2bf8b94600d0
SHA1

c9254c0d244a915a3af52a4b872f73b574400671
SHA256

af56fcaa50138d5ba49aa67ea04341bf2fdee69cafd7637e8db2b1ce77f964a8
SHA512

ad84b17d23c7e4aa80a2d8e141f0840668df737eac730f3062a0120dfc3a652bbdaf5f6a6bcbdba5f396a357e1ceed5b93e503385cb017b88f4883f0530c7e86
SSDEEP

1536:W7ZhA7pApw03vR03v4YUTjruYTjruUkfQLOr0ARZF6NFVogjQlRv/Ld:6e7WpwYRY4YUTjruYTjruFQrwUhQ7X5

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  af56fcaa50138d5ba49aa67ea04341bf2fdee69cafd7637e8db2b1ce77f964a8N
- Size
  
  91KB
- MD5
  
  9d64b5e4a3f25610a72e2bf8b94600d0
- SHA1
  
  c9254c0d244a915a3af52a4b872f73b574400671
- SHA256
  
  af56fcaa50138d5ba49aa67ea04341bf2fdee69cafd7637e8db2b1ce77f964a8
- SHA512
  
  ad84b17d23c7e4aa80a2d8e141f0840668df737eac730f3062a0120dfc3a652bbdaf5f6a6bcbdba5f396a357e1ceed5b93e503385cb017b88f4883f0530c7e86
- SSDEEP
  
  1536:W7ZhA7pApw03vR03v4YUTjruYTjruUkfQLOr0ARZF6NFVogjQlRv/Ld:6e7WpwYRY4YUTjruYTjruFQrwUhQ7X5
Score

9^/10

discovery ransomware
- Renames multiple (3763) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware