2c861f99439d5034c0540e35265db8bae026ad0e670558c006f17f064c680f31 | Triage

Submit
Reports

Overview

overview

Static

static

8

pay-9898.xls

windows7_x64

pay-9898.xls

windows10_x64

5

Sharing

General

Target

pay-9898.xls
Size

31KB
Sample

210120-71kdz73bjx
MD5

40c4be0a32ba7510bbd07dd68d501c7b
SHA1

85fb9debaf5cd3b3e528f2273c134c8d71033172
SHA256

2c861f99439d5034c0540e35265db8bae026ad0e670558c006f17f064c680f31
SHA512

e4ba86bcf27c828273229aaa80d112a3a5b3fc4e6f38b9bb3dc03938a140776701a2a232255584defdd5ca35ddfb2728fbae80426e68ab5192db2fd54feb7a7c

Score

10^/10

macro ransomware xlm

Static task

static1

Behavioral task

behavioral1

Sample

pay-9898.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

pay-9898.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.liceovirreysolis.com/server.php

Targets

- Target
  
  pay-9898.xls
- Size
  
  31KB
- MD5
  
  40c4be0a32ba7510bbd07dd68d501c7b
- SHA1
  
  85fb9debaf5cd3b3e528f2273c134c8d71033172
- SHA256
  
  2c861f99439d5034c0540e35265db8bae026ad0e670558c006f17f064c680f31
- SHA512
  
  e4ba86bcf27c828273229aaa80d112a3a5b3fc4e6f38b9bb3dc03938a140776701a2a232255584defdd5ca35ddfb2728fbae80426e68ab5192db2fd54feb7a7c
Score

10^/10

ransomware
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy