General

  • Target

    2ddb7d08b8b7eed6b53eec295d1aa96ed04d8d046c90fc27622eae59124d0134N.exe

  • Size

    4.3MB

  • Sample

    241119-wer7jsygmc

  • MD5

    9795367b372e9f89e2bfc5114d685a40

  • SHA1

    17ff24f21f4ed24ea9e3bd857d17bdd259f582d6

  • SHA256

    2ddb7d08b8b7eed6b53eec295d1aa96ed04d8d046c90fc27622eae59124d0134

  • SHA512

    300605df7011efa409f044d2c3d30def1db9a5f5c1a67b95004896b8b088825ff2bfe03a716118cad082ed2ebf3a8f0697a5f553cee3328fad887455b6d7dabe

  • SSDEEP

    24576:9j4jQg/6YCUsk7vFGhv/z2x2KdcPCl9AuDF5zUPGLG5SvAMZAMg9:9ugQF7w/ax2KiPy9AuDzY

Malware Config

Targets

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks