General

  • Target

    Details-2199-0018595796.doc

  • Size

    162KB

  • Sample

    210122-tl7x87bjvj

  • MD5

    818b1ab912b03f7224b2be26ec05ac64

  • SHA1

    bfe77955067bed43c5c95996aba948d3ed0d7703

  • SHA256

    caede708b38ca301f7c2d14f3dec3ccf02e0312f4f8a2b21b26d7bf6ea714206

  • SHA512

    84478c4a233508a6bb37a7fedefcb90ee6176c41988d226fd76c0ff995659c46be33fdbed383fa6bba00c1585e28e681362ce82dfb08da8cf787fe6db19399b8

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://zhongshixingchuang.com/wp-admin/N2X3/
    http://members.nlbformula.com/cgi-bin/vazlwkU/
    http://dynamicsteels.com/can-you-lpy7p/MaJIcT/
    https://www.lixko.com/wp-includes/LEq9VJd/
    https://srishtiherbs.com/jms/bq8/
    https://surfboarddigital.com/carol-stream-i7lsj/8e/
    https://unikaryapools.com/wp/ysFiRq1/

Targets

    • Target

      Details-2199-0018595796.doc

    • Size

      162KB

    • MD5

      818b1ab912b03f7224b2be26ec05ac64

    • SHA1

      bfe77955067bed43c5c95996aba948d3ed0d7703

    • SHA256

      caede708b38ca301f7c2d14f3dec3ccf02e0312f4f8a2b21b26d7bf6ea714206

    • SHA512

      84478c4a233508a6bb37a7fedefcb90ee6176c41988d226fd76c0ff995659c46be33fdbed383fa6bba00c1585e28e681362ce82dfb08da8cf787fe6db19399b8

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 3
    Query Registry (T1012): 2
