General

  • Target

    d20bd75b1af16612c8af974207aa21c035b841b6ad2376a6402e8b6c43e5c4db

  • Size

    209KB

  • Sample

    240701-dj99tathlg

  • MD5

    bbe41b3a89f0b259bf2eb52c42c77882

  • SHA1

    e224952abdfef532c1e73319a9fd4cec7e6b9db1

  • SHA256

    d20bd75b1af16612c8af974207aa21c035b841b6ad2376a6402e8b6c43e5c4db

  • SHA512

    fb8e84a5359c0f3c1a5991a41ab13edb9232c9642579c9a686e86a1e5095df0ec3d70b4fb431bd6b40288967f6e2eed460c65d6d056c371e38ce9706065a6856

  • SSDEEP

    3072:6DWpwE7oL2e+efZwZ08i8z3ML2w9tuTOHpYq1fq2xzrKTen+/AdSTBUSZEl:dN/e+efimJa3ML2GOOHFlxzDwGSTB5E

Score
9/10

Targets

    • Renames multiple (183) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
