General

  • Target

    da8023ca117498ce7ef8f37681b78856b02077bc9cab0495b685e6196cb98a0fN.exe

  • Size

    4.4MB

  • Sample

    241120-fcva5a1cje

  • MD5

    10f9e6ec75c5b19c16eeda2597aecd20

  • SHA1

    61e0b8e4b439070ffc0617aa84a69604c62daafb

  • SHA256

    da8023ca117498ce7ef8f37681b78856b02077bc9cab0495b685e6196cb98a0f

  • SHA512

    eb35effe95a2190e8020b7e9165b8ef0dbcc619e463dc49339983341bb9fab06b6079ec90062d7a15ad7b19c3ba2c1dd01d4b00be982c34e1e4b43ecf596bf04

  • SSDEEP

    49152:9/KfuPS3ELNjV7FZxEfOfOgwf099cPy9AuDzY:Km9pZxwgbcPy9AuDzY

Targets

    • Target

      da8023ca117498ce7ef8f37681b78856b02077bc9cab0495b685e6196cb98a0fN.exe

    • Renames multiple (318) files with an added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
