General

  • Target

    0120_91448090.doc

  • Size

    714KB

  • Sample

    210120-vbcf97c9tj

  • MD5

    838c2a21783dfaa3bda9813f0e32cf89

  • SHA1

    b4beab0f75d1462f3509b15319545c1f18c91449

  • SHA256

    f068b16458493f485c6fa0e77281126c6672c76a4cfa0beb195cf180894e674f

  • SHA512

    d1f3a3d923f54c2fdcce25933b9f7acf3efb538cdb732dd8a347ec27616ca5d977e4e03c4813a62042609cce6d3ae0933ca2872ebfd4f76eb2cd170c1dded116

Targets

    Score: 10/10

    • Process spawned unexpected child process

      For a Word document this typically means a macro or exploit in the document launched another process (for example a script host or shell) from the Office application, i.e. the parent process was compromised.

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Commonly seen in ransomware, which enumerates drives before encrypting them; on its own it is a weak indicator, since backup and inventory tools do the same.
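The two signatures above correspond to checks an analyst can run outside the sandbox: flag an Office host spawning a child it should not, and confirm that a file on disk is the sample in this report by recomputing its digests. The code below is an added example, not part of the original report or of the sandbox's own logic. The process events are constructed sample data in a Sysmon-like shape, the Office parent/child allowlists are assumptions to be tuned per environment, and the hash values are the ones published above.

```python
"""Added example: detect an Office process spawning an unexpected child, and
match a file against the report's hashes. Sample events are constructed."""
import hashlib
from pathlib import PureWindowsPath

# Digests published in the report for 0120_91448090.doc
REPORT_HASHES = {
    "md5": "838c2a21783dfaa3bda9813f0e32cf89",
    "sha1": "b4beab0f75d1462f3509b15319545c1f18c91449",
    "sha256": "f068b16458493f485c6fa0e77281126c6672c76a4cfa0beb195cf180894e674f",
    "sha512": "d1f3a3d923f54c2fdcce25933b9f7acf3efb538cdb732dd8a347ec27616ca5d9"
              "77e4e03c4813a62042609cce6d3ae0933ca2872ebfd4f76eb2cd170c1dded116",
}

# Office hosts whose children deserve scrutiny, and children that are normal
# for them (assumed lists; tune to what your environment actually shows).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe", "msoia.exe"}

# Children that are almost never legitimate under an Office parent
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}


def suspicious_child_processes(events):
    """Return hits for events where an Office parent spawns an unexpected child.

    Each event is a dict with 'parent_image', 'image' and 'command_line'
    (full Windows paths, as Sysmon event 1 reports them)."""
    hits = []
    for ev in events:
        parent = PureWindowsPath(ev["parent_image"]).name.lower()
        child = PureWindowsPath(ev["image"]).name.lower()
        if parent not in OFFICE_PARENTS or child in EXPECTED_CHILDREN:
            continue
        severity = "high" if child in SUSPICIOUS_CHILDREN else "medium"
        hits.append({"parent": parent, "child": child, "severity": severity,
                     "command_line": ev["command_line"]})
    return hits


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, from file contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest of `data` equals the report's value."""
    return file_hashes(data) == REPORT_HASHES


# Constructed sample events (not taken from the report's task data)
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c powershell -w hidden -enc <base64 payload>"},
    {"parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "command_line": "splwow64.exe 12288"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe"},
]

if __name__ == "__main__":
    for hit in suspicious_child_processes(SAMPLE_EVENTS):
        print(f"[{hit['severity']}] {hit['parent']} -> {hit['child']}: "
              f"{hit['command_line']}")
    # An empty file is obviously not the sample; pass real file bytes here.
    print("empty input matches report:", matches_report(b""))
```

Only the WINWORD.EXE -> cmd.exe event is reported; splwow64.exe is an expected print-spooler helper, and explorer.exe launching cmd.exe is outside the Office-parent scope of this rule. Compare all four digests rather than MD5 alone, since MD5 and SHA-1 collisions are practical and a single matching digest is weaker evidence than the report's full set.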

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      ID      Count
  Defense Evasion   Modify Registry                T1112   1
  Discovery         System Information Discovery   T1082   1
