Overview

overview

10

Static

static

8

intelligen...20.doc

windows7_x64

10

intelligen...20.doc

windows10_x64

10

Resubmissions

21-01-2021 15:22

210121-qwg92t3xgj 10

21-01-2021 15:09

210121-dv7rvp9b5e 10

21-12-2020 23:00

201221-c1vx2ve4rn 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    intelligence 12.20.doc

  • Size

    80KB

  • Sample

    210121-dv7rvp9b5e

  • MD5

    2eac8507ab396c2e9476ae91a2bf92af

  • SHA1

    fbbf0822676e29969047b1e0d0ba85704183445e

  • SHA256

    e2a4320528f9332872848340b5d6a5cffadca8596567e245eb5a401c8ef918b6

  • SHA512

    baa5d0d27031999ee4c8f4f8424807f2f9e1645a2ee455bfe31a559b9821ad519f942ada5225b54a459bdc6422837065ae88a41caa907a7865d8891624cdcbfe

Score
10/10
macroransomware

Malware Config

Targets

    • Target

      intelligence 12.20.doc

    • Size

      80KB

    • MD5

      2eac8507ab396c2e9476ae91a2bf92af

    • SHA1

      fbbf0822676e29969047b1e0d0ba85704183445e

    • SHA256

      e2a4320528f9332872848340b5d6a5cffadca8596567e245eb5a401c8ef918b6

    • SHA512

      baa5d0d27031999ee4c8f4f8424807f2f9e1645a2ee455bfe31a559b9821ad519f942ada5225b54a459bdc6422837065ae88a41caa907a7865d8891624cdcbfe

    Score
    10/10
    ransomware

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks