d1e5b9629978700d42b095a7f1a1526b13cf8bf679fffd1005a0daec2af21364 | Triage

Sharing

General

Target

d1e5b9629978700d42b095a7f1a1526b13cf8bf679fffd1005a0daec2af21364
Size

7.1MB
Sample

241121-kqrjlsvmhk
MD5

ef16186ca98cac06a6f224a0c7532fd7
SHA1

08ef445e63e7beed27e7f1d8468e4902fa713815
SHA256

d1e5b9629978700d42b095a7f1a1526b13cf8bf679fffd1005a0daec2af21364
SHA512

eff1289310fed5635037f7ae9564e88eae67620a15d2eff19d821f8d0283380a3528b50f11dfd2bfd78ae951d3a3ce996c980fa16c5cf6336fac84c5737aed23
SSDEEP

49152:9ggkEaSIHYezZiNo7IcyO82MzufjWJA6ongaHLvKLA8VgbKW2llxobcJOu2Qt7YW:Smapj+os45gaHrhdw3D7nTsR

Score

9^/10

discovery persistence ransomware

Malware Config

Targets

- Target
  
  d1e5b9629978700d42b095a7f1a1526b13cf8bf679fffd1005a0daec2af21364
- Size
  
  7.1MB
- MD5
  
  ef16186ca98cac06a6f224a0c7532fd7
- SHA1
  
  08ef445e63e7beed27e7f1d8468e4902fa713815
- SHA256
  
  d1e5b9629978700d42b095a7f1a1526b13cf8bf679fffd1005a0daec2af21364
- SHA512
  
  eff1289310fed5635037f7ae9564e88eae67620a15d2eff19d821f8d0283380a3528b50f11dfd2bfd78ae951d3a3ce996c980fa16c5cf6336fac84c5737aed23
- SSDEEP
  
  49152:9ggkEaSIHYezZiNo7IcyO82MzufjWJA6ongaHLvKLA8VgbKW2llxobcJOu2Qt7YW:Smapj+os45gaHrhdw3D7nTsR
Score

9^/10

discovery persistence ransomware
- Renames multiple (317) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistenceransomware