859ee5d6161bb723f736f9ce868a3ab5a4cd5b4c07296239d0fcc49d7cdd8249 | Triage

Submit
Reports

Overview

overview

Static

static

certificat...20.doc

windows7_x64

certificat...20.doc

windows10_x64

Sharing

General

Target

certificato-07.08.2020.doc
Size

147KB
Sample

200710-7vjepxdqye
MD5

e6524bfe307ac0e25cbefd32e562f7b5
SHA1

c82af405405cc21144e12c943a36ee785393c1b8
SHA256

859ee5d6161bb723f736f9ce868a3ab5a4cd5b4c07296239d0fcc49d7cdd8249
SHA512

31f0858a420c126e1011197ac54b847d2ba84845cf91ef7f0965271f4ddd78004674722d68ad3a34b3a398ffd4d4bbb52761140d473a622a83d5e69664d6506b

Score

10^/10

bootkit ransomware

Static task

static1

Behavioral task

behavioral1

Sample

certificato-07.08.2020.doc

Resource

win7

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

certificato-07.08.2020.doc

Resource

win10

ransomware bootkit

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  certificato-07.08.2020.doc
- Size
  
  147KB
- MD5
  
  e6524bfe307ac0e25cbefd32e562f7b5
- SHA1
  
  c82af405405cc21144e12c943a36ee785393c1b8
- SHA256
  
  859ee5d6161bb723f736f9ce868a3ab5a4cd5b4c07296239d0fcc49d7cdd8249
- SHA512
  
  31f0858a420c126e1011197ac54b847d2ba84845cf91ef7f0965271f4ddd78004674722d68ad3a34b3a398ffd4d4bbb52761140d473a622a83d5e69664d6506b
Score

10^/10

ransomware bootkit
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

ransomwarebootkit

© 2018-2024

Terms | Privacy