Overview

overview

8

Static

static

8

8776139.docm

windows7_x64

5

8776139.docm

windows10_x64

5

Resubmissions

26-01-2021 15:48

210126-pmyenxgs76 10

22-01-2021 07:59

210122-fxn8cqm1we 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8776139.docm

  • Size

    70KB

  • Sample

    210122-fxn8cqm1we

  • MD5

    b4d9b636a96350a5d2b08a85fa67206e

  • SHA1

    487cd577e95eced143030254ccbefb4ab15338c7

  • SHA256

    409ed829f19024045d26cc5d3a06e15a097605e13ba938875eca054a7a4a30b1

  • SHA512

    19cfc08cdbb366a89888b829008c0e4391cb215e5e93076d30a7dfeba9cf64ce4049f2294d77c9170eee2e0722961d4ef9ca60126fc04782f73465600e103fca

Score
8/10
macroransomware

Malware Config

Targets

    • Target

      8776139.docm

    • Size

      70KB

    • MD5

      b4d9b636a96350a5d2b08a85fa67206e

    • SHA1

      487cd577e95eced143030254ccbefb4ab15338c7

    • SHA256

      409ed829f19024045d26cc5d3a06e15a097605e13ba938875eca054a7a4a30b1

    • SHA512

      19cfc08cdbb366a89888b829008c0e4391cb215e5e93076d30a7dfeba9cf64ce4049f2294d77c9170eee2e0722961d4ef9ca60126fc04782f73465600e103fca

    Score
    5/10
    ransomware

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks