General

  • Target

    47b127b14d882dda11fc539d701a279377124ecc3d1786bc38808d0989855f06N.exe

  • Size

    820KB

  • Sample

    241119-qbr5gs1mel

  • MD5

    358957c0600c5252089357097c7bcfa0

  • SHA1

    2ca1906df32e1bb5863146b6325e1c2f3c4a0cd3

  • SHA256

    47b127b14d882dda11fc539d701a279377124ecc3d1786bc38808d0989855f06

  • SHA512

    6c3f78e3d3b1edbb8f20d220e3ea16ed150d01d25396695de76c6a38a032d1db659218b410c56670b407dd14025cb9740706ab8055d0e40bd4cbe314600df718

  • SSDEEP

    12288:9jxeyzDxTcLpSYnEv2GvAuYqRs0Ygi9+SteacR9bzOXd1:9jxeyvxmpFnEvcuYAzYttepzb6X/

Malware Config

Targets

    • Renames multiple (316) files with an added filename extension

      This suggests ransomware activity: encrypting files on the system and appending an extension to each renamed file.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks