General

  • Target: INF-20210120-08909.zip
  • Size: 86KB
  • Sample: 210120-hr5l723le6
  • MD5: 677a752ebc2249471ae4eda579a8bde6
  • SHA1: fa91087685c057625b27b2741bed507bec4760da
  • SHA256: c6965160d25ddc07b8efd40215b5227f0087f09992e16ecce5e7d060918ee2ac
  • SHA512: ded2cc066eca0f5124ee61d1ee3e3043a99b146075c5bf3363f13bc81bce43b4a240102ca918fee847fa7e1d02820be54da80aad2a56895045611fcd88451081

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):

Targets

    • Target: INF-20210120-08909.doc
    • Size: 160KB
    • MD5: e1cd9b67d8dc2c78b0aa3c80da4806b0
    • SHA1: 7a076b44f4bab8fe409805efb5b6f3826a9ccb91
    • SHA256: 27eb929efd1cfc1a8ba450565117b9011c7eaeb1d8037720dca123dd90f71820
    • SHA512: df1f59b09494253b53105b71d7ad978e4170bfb02b690622e50293601b8fcbe2f606fba85db17d6d13b3dde02b252aa3c34a676905b2177ad1384a3292280340

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
