General

  • Target

    ANHANGBNH241APK8509.doc

  • Size

    167KB

  • Sample

    210121-vczl2q5vja

  • MD5

    3f8c030e172e982318033d6624a83fb2

  • SHA1

    4b5d7f7bb4db78a4c2b8a28dbcb7aadce95307e0

  • SHA256

    55984bd4c7e411162ee7a64cece9326428e54958f202c4b1f2d0c1b4e6a2840b

  • SHA512

    40451ba3965226daa6d56546d8f7edb33f98c927dcb5d46eca6b39ffbc2ce6b8bfb0e9f9709b34f4ca1d2488e0f731531c6ae66b073b596ce00a28e040243b7f

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    http://trainwithconviction.com/wp-admin/y/
    http://trainwithconviction.webdmcsolutions.com/wp-admin/rEEEU/
    https://perrasmoore.ca/wp-admin/rM6HK/
    https://canadabrightway.com/wp-admin/n3/
    https://upinsmokebatonrouge.com/var/Ux1V/
    https://thelambertagency.com/staging/Vo/
    https://stormhansen.com/2556460492/if/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Enterprise v6

Tasks