1a457bbc6c53f2977963f9a5a10d6d0ef97bdc96c9dc3826aa41743376e854b6 | Triage

Submit
Reports

Overview

overview

Static

static

8

notif9551.xls

windows7_x64

notif9551.xls

windows10_x64

5

Sharing

General

Target

notif9551.xls
Size

31KB
Sample

210120-xdr1f1wvfa
MD5

8892f7bf793c729f1367f8fd0b89371d
SHA1

b491215ec214dcd8d8a37273d186d26da784ea17
SHA256

1a457bbc6c53f2977963f9a5a10d6d0ef97bdc96c9dc3826aa41743376e854b6
SHA512

b2940379f36dcc1eb2d2ca54b9559daa55b40199b6d3041167301f4c29e8ff336d27b96f718e3fd5dbec2d8ffcfd6d1829ebf10d2a7412d09400dfa13adc8abe

Score

10^/10

macro ransomware xlm

Static task

static1

Behavioral task

behavioral1

Sample

notif9551.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

notif9551.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://ezucycam.com/k.php

Targets

- Target
  
  notif9551.xls
- Size
  
  31KB
- MD5
  
  8892f7bf793c729f1367f8fd0b89371d
- SHA1
  
  b491215ec214dcd8d8a37273d186d26da784ea17
- SHA256
  
  1a457bbc6c53f2977963f9a5a10d6d0ef97bdc96c9dc3826aa41743376e854b6
- SHA512
  
  b2940379f36dcc1eb2d2ca54b9559daa55b40199b6d3041167301f4c29e8ff336d27b96f718e3fd5dbec2d8ffcfd6d1829ebf10d2a7412d09400dfa13adc8abe
Score

10^/10

ransomware
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy