f068b16458493f485c6fa0e77281126c6672c76a4cfa0beb195cf180894e674f | Triage

Submit
Reports

Overview

overview

Static

static

8

Internet-Win7-30min

windows7_x64

Sharing

General

Target

0120_91448090.doc
Size

714KB
Sample

210120-vbcf97c9tj
MD5

838c2a21783dfaa3bda9813f0e32cf89
SHA1

b4beab0f75d1462f3509b15319545c1f18c91449
SHA256

f068b16458493f485c6fa0e77281126c6672c76a4cfa0beb195cf180894e674f
SHA512

d1f3a3d923f54c2fdcce25933b9f7acf3efb538cdb732dd8a347ec27616ca5d977e4e03c4813a62042609cce6d3ae0933ca2872ebfd4f76eb2cd170c1dded116

Score

10^/10

macro macro_on_action ransomware

Static task

static1

macro macro_on_action

Behavioral task

behavioral1

Sample

0120_91448090.doc

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0120_91448090.doc
- Size
  
  714KB
- MD5
  
  838c2a21783dfaa3bda9813f0e32cf89
- SHA1
  
  b4beab0f75d1462f3509b15319545c1f18c91449
- SHA256
  
  f068b16458493f485c6fa0e77281126c6672c76a4cfa0beb195cf180894e674f
- SHA512
  
  d1f3a3d923f54c2fdcce25933b9f7acf3efb538cdb732dd8a347ec27616ca5d977e4e03c4813a62042609cce6d3ae0933ca2872ebfd4f76eb2cd170c1dded116
Score

10^/10

ransomware
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

© 2018-2024

Terms | Privacy