9730e03ca9d052875895b4ad7ba7914f69009fd5fb58d324ee35d3e45f90d768 | Triage

Resubmissions

30-10-2019 18:36

191030-4jjvvmbgys 0

30-10-2019 17:06

191030-cdxr5hrvmn 0

Sharing

General

Target

iis_agent32.exe
Size

144KB
Sample

191030-4jjvvmbgys
MD5

8cd8d46cd6c7e336d2baa2f78d8d0ab4
SHA1

128a74c415ae00eea8eca6ba110e4857ac75f044
SHA256

9730e03ca9d052875895b4ad7ba7914f69009fd5fb58d324ee35d3e45f90d768
SHA512

12f1c135072ee33788576d895da7615c9077b3809a78c6a0d57f67ed21aad3180e108422838dcbd6919393f78e9d5a2121744bc50da7f1c48b3b49de16b9afea

Score

9^/10

dropper evasion exploiter maldoc ransomware

Malware Config

Targets

- Target
  
  iis_agent32.exe
- Size
  
  144KB
- MD5
  
  8cd8d46cd6c7e336d2baa2f78d8d0ab4
- SHA1
  
  128a74c415ae00eea8eca6ba110e4857ac75f044
- SHA256
  
  9730e03ca9d052875895b4ad7ba7914f69009fd5fb58d324ee35d3e45f90d768
- SHA512
  
  12f1c135072ee33788576d895da7615c9077b3809a78c6a0d57f67ed21aad3180e108422838dcbd6919393f78e9d5a2121744bc50da7f1c48b3b49de16b9afea
Score

9^/10

ransomware evasion dropper exploiter maldoc
- Deletes shadow copies
  ransomware
- Clears Windows event logs
  evasion ransomware
- Deletes itself
- Modifies Boot Configuration Data
  ransomware evasion
- Drops Office document
  dropper exploiter maldoc
task1 task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Indicator Removal on Host

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

task1

ransomwareevasiondropperexploitermaldoc

task2

ransomwareevasion