General

  • Target

    428E1ABAB62B190787DB4A57D19CCF86.xls

  • Size

    799KB

  • Sample

    210120-bzc4n9ey6j

  • MD5

    428e1abab62b190787db4a57d19ccf86

  • SHA1

    b443cbc0b74ac39f696585f99160ddb5bfdc1e3a

  • SHA256

    5548251bf7e67b8dfa368d5b1e6699d9f260324e419d3e530c1d5ea927e3aaf2

  • SHA512

    3988a34186641af8c65feb0a0938eeee5d849fc3df0b93d82fa7f9b44527f17dd714dd0e2539058691fbbf48f0d72469acdb597ea2e4233192f4a8f936ef9d3b
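The digests above identify the sample; before trusting any local copy (or one pulled from another repository), recompute all four and compare them with the report. The script below is an added example, not part of the sandbox output: it hashes a file in chunks, compares every digest against the values listed in this section, and checks the naming convention used here, where the file name is the upper-cased MD5 plus the `.xls` extension. The chunk size and the function names are this example's own choices.

```python
"""Verify a local copy of the sample against the digests in the report."""
import hashlib
import ntpath
from typing import Dict

# Digests exactly as listed in the General section of the report.
REPORTED: Dict[str, str] = {
    "md5": "428e1abab62b190787db4a57d19ccf86",
    "sha1": "b443cbc0b74ac39f696585f99160ddb5bfdc1e3a",
    "sha256": "5548251bf7e67b8dfa368d5b1e6699d9f260324e419d3e530c1d5ea927e3aaf2",
    "sha512": ("3988a34186641af8c65feb0a0938eeee5d849fc3df0b93d82fa7f9b44527f17d"
               "d714dd0e2539058691fbbf48f0d72469acdb597ea2e4233192f4a8f936ef9d3b"),
}
# File name as listed in the report (the MD5 in upper case plus extension).
REPORTED_NAME = "428E1ABAB62B190787DB4A57D19CCF86.xls"


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists over an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED}


def digest_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Compute every digest over a file without loading it all at once.

    The 1 MiB chunk size is an arbitrary choice for this example."""
    hashers = {algo: hashlib.new(algo) for algo in REPORTED}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare(actual: Dict[str, str], expected: Dict[str, str] = REPORTED) -> Dict[str, bool]:
    """Per-algorithm match result; a genuine copy matches on all four."""
    return {algo: actual.get(algo, "").lower() == expected[algo].lower()
            for algo in expected}


def name_matches_md5(filename: str, md5: str) -> bool:
    """True when the file is named after its MD5, as this report's target is."""
    stem, _ext = ntpath.splitext(ntpath.basename(filename))
    return stem.lower() == md5.lower()


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else REPORTED_NAME
    results = compare(digest_file(target))
    for algo, ok in results.items():
        print(f"{algo:6s} {'OK' if ok else 'MISMATCH'}")
    print("name/MD5 convention:", name_matches_md5(target, REPORTED["md5"]))
    sys.exit(0 if all(results.values()) else 1)
```

A single mismatching digest means you are not looking at the file this report describes; a matching MD5 with a mismatching SHA-256 would point at a collision rather than a transfer error and deserves its own investigation.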

Malware Config

Targets

    • Target

      428E1ABAB62B190787DB4A57D19CCF86.xls


    Score
    10/10
    • Process spawned unexpected child process

      The parent here is the Office host that opened the .xls; an Office process launching a child it does not normally spawn typically indicates the parent was compromised via an exploit or a macro in the document.

    • Blocklisted process makes network request

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). The sandbox flags this as likely ransomware behaviour, but installers, backup tools and updaters do the same, so on its own it is a weak indicator; the score rests on the first two signatures.
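The first two signatures are straightforward to reproduce on endpoint telemetry. The following is an added example, not part of the sandbox or its rule set: it runs two rules over constructed Sysmon-style process-creation (EventID 1) and network-connection (EventID 3) records, flagging an Office host that spawns a child outside a small allowlist, and a blocklisted image that makes an outbound connection. The simplified key=value record layout, the sample records, and the host, allowlist and blocklist sets are all this example's own assumptions and should be tuned to the environment.

```python
"""Toy detections for 'unexpected child process' and 'blocklisted process
makes network request', run over constructed Sysmon-like event lines."""
import ntpath
import re
from typing import Dict, List, Tuple

# Office hosts whose children we care about (assumed set for this example).
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Children an Office host spawns legitimately, e.g. the print proxy
# (assumed allowlist; extend per environment).
BENIGN_CHILDREN = {"splwow64.exe", "dw20.exe"}
# Images that should never open outbound connections (assumed blocklist).
NETWORK_BLOCKLIST = {"excel.exe", "winword.exe", "mshta.exe", "regsvr32.exe"}

# Constructed sample telemetry, one record per line, simplified key=value form.
# The IP is from the TEST-NET-3 documentation range.
SAMPLE_EVENTS = """\
EventID=1 Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE ParentImage=C:\\Windows\\explorer.exe
EventID=1 Image=C:\\Windows\\System32\\cmd.exe ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE
EventID=1 Image=C:\\Windows\\splwow64.exe ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE
EventID=3 Image=C:\\Windows\\System32\\regsvr32.exe DestinationIp=203.0.113.10 DestinationPort=80
EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationIp=203.0.113.10 DestinationPort=443
"""

# key=value pairs whose values may contain spaces; a value ends just before
# the next " key=" or at end of line.
_KV = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key=value record into a dict."""
    return dict(_KV.findall(line.strip()))


def _base(path: str) -> str:
    """Lower-cased file name of a Windows path, for case-insensitive matching."""
    return ntpath.basename(path).lower()


Alert = Tuple[str, str, str]  # (rule, offending image, detail)


def detect(events_text: str) -> List[Alert]:
    """Apply both rules to every record and return the alerts in order."""
    alerts: List[Alert] = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        image = _base(ev.get("Image", ""))
        if ev.get("EventID") == "1":
            parent = _base(ev.get("ParentImage", ""))
            if parent in OFFICE_HOSTS and image not in BENIGN_CHILDREN:
                alerts.append(("unexpected_child", parent, image))
        elif ev.get("EventID") == "3":
            if image in NETWORK_BLOCKLIST:
                dest = f"{ev.get('DestinationIp', '?')}:{ev.get('DestinationPort', '?')}"
                alerts.append(("blocklisted_network", image, dest))
    return alerts


if __name__ == "__main__":
    for rule, image, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:20s} {image:14s} {detail}")
```

Against the sample records the Excel-to-cmd.exe launch and the regsvr32.exe connection are flagged; the explorer.exe-to-Excel launch, the print proxy child and the browser connection are not. The allowlist is the part that needs care in production: every benign child added to it is a path a macro can hide behind.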

MITRE ATT&CK Enterprise v6

Tasks