e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037 | Triage

Submit
Reports

Overview

overview

Static

static

ฺฺฺ�...ฺฺ

windows10_x64

Resubmissions

21-11-2020 16:12

201121-3vsypzcqyx 10

21-11-2020 15:12

201121-c152v5zkxx 10

Sharing

General

Target

e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037.bin
Size

532KB
Sample

201121-3vsypzcqyx
MD5

76f547c793b5478b970c64caf04d01d4
SHA1

f9eb40f6d3d4c83852e3781886db762bef8564e0
SHA256

e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037
SHA512

91e91a8b693cb253f281411260611a221a113b342eaa642a9d6597aaf86c138ee2aa28ade10218a814ae34016e6d70824e36786497476ab704defddf60e33e17

Score

10^/10

bootkit ransomware

Static task

static1

Behavioral task

behavioral1

Sample

e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037.bin.exe

Resource

win10v20201028

bootkit ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037.bin
- Size
  
  532KB
- MD5
  
  76f547c793b5478b970c64caf04d01d4
- SHA1
  
  f9eb40f6d3d4c83852e3781886db762bef8564e0
- SHA256
  
  e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037
- SHA512
  
  91e91a8b693cb253f281411260611a221a113b342eaa642a9d6597aaf86c138ee2aa28ade10218a814ae34016e6d70824e36786497476ab704defddf60e33e17
Score

10^/10

bootkit ransomware
- Suspicious use of NtCreateProcessExOtherParentProcess
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitransomware

© 2018-2024

Terms | Privacy