020bceec2fdbd029d767e4d2714cdf30546debb93652c93fa9983cdbb2403cd0 | Triage

Submit
Reports

Overview

overview

Static

static

8

emotet_doc2

windows10_x64

Sharing

General

Target

020bceec2fdbd029d767e4d2714cdf30546debb93652c93fa9983cdbb2403cd0
Size

167KB
Sample

210121-1jdyn9sdva
MD5

8c2d4a6d6727630c0728672c2ff55f4b
SHA1

e6d79e49ad47880722fda9d27fb80b147768e1e3
SHA256

020bceec2fdbd029d767e4d2714cdf30546debb93652c93fa9983cdbb2403cd0
SHA512

a2a3ed01573af67e6decb2dcb9d761b0092f290eaa745c58f1475a8967c81d0edc145b7ae40b14d6666ec539c180fa0da720b0e33e056157b9ab4c5d7adfb3e0

Score

10^/10

macro ransomware xlm

Static task

static1

Behavioral task

behavioral1

Sample

020bceec2fdbd029d767e4d2714cdf30546debb93652c93fa9983cdbb2403cd0.doc

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://covisiononeness.org/new/F9v/

exe.dropper

https://www.oshiscafe.com/wp-admin/5Dm/

exe.dropper

https://lionrockbatteries.com/wp-snapshots/C/

exe.dropper

https://www.schmuckfeder.net/reference/ubpV/

exe.dropper

http://cirteklink.com/F0xAutoConfig/1Zb4/

exe.dropper

https://nimbledesign.miami/wp-admin/C/

exe.dropper

http://xunhong.net/sys-cache/D0/

Targets

- Target
  
  020bceec2fdbd029d767e4d2714cdf30546debb93652c93fa9983cdbb2403cd0
- Size
  
  167KB
- MD5
  
  8c2d4a6d6727630c0728672c2ff55f4b
- SHA1
  
  e6d79e49ad47880722fda9d27fb80b147768e1e3
- SHA256
  
  020bceec2fdbd029d767e4d2714cdf30546debb93652c93fa9983cdbb2403cd0
- SHA512
  
  a2a3ed01573af67e6decb2dcb9d761b0092f290eaa745c58f1475a8967c81d0edc145b7ae40b14d6666ec539c180fa0da720b0e33e056157b9ab4c5d7adfb3e0
Score

10^/10

ransomware
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy