General

  • Target

    f2c5398f7eaab3f9f4d3e1d512fdebeb2a6ff6a58fb94572390eec9183a7a002.exe

  • Size

    4.3MB

  • Sample

    241119-nxl49avhla

  • MD5

    148437e2bbdd787781d30b5f40785f8c

  • SHA1

    7aab93893cfa43781b4cf3ff051a8dd5c910b1a3

  • SHA256

    f2c5398f7eaab3f9f4d3e1d512fdebeb2a6ff6a58fb94572390eec9183a7a002

  • SHA512

    f2858536a488d8da4367268cf4081f201ef3710a226bb8fb76f850631dfbb42daf17884a52a6f3d11b1000d2ea7beb2f6708893369e0aa58b48e9e310e6b0692

  • SSDEEP

    24576:9j4jQg/6YCUsk7vFGhv/z2x2KdcPCl9AuDF5zUPGLG5SvAMZAMg9C:9ugQF7w/ax2KiPy9AuDzYs

Malware Config

Targets

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity: encrypting the files on the system and renaming them with a new extension.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks