1606bb5862b141d62f6029f51bfa63731edf851977c7f9e5610edb6f0d94849e | Triage

Submit
Reports

Overview

overview

Static

static

8

1606bb5862...e.xlsm

windows7_x64

1606bb5862...e.xlsm

windows10_x64

Sharing

General

Target

1606bb5862b141d62f6029f51bfa63731edf851977c7f9e5610edb6f0d94849e
Size

25KB
Sample

210122-tpf9dkdw4n
MD5

17b9ffb54e11d01b0f64151c0f44cabe
SHA1

c9e52f252a5756325b068af4aec9b4a29842dce5
SHA256

1606bb5862b141d62f6029f51bfa63731edf851977c7f9e5610edb6f0d94849e
SHA512

337c2d43cf45d3b345cb4b3635f3fd233baa536d37fee18467cba017e5b4c8818bb70c9b7404b17cb21a90ff73fcb1c1a27c0c2af17a622009e19a19c2e413f9

Score

10^/10

macro ransomware xlm

Static task

static1

Behavioral task

behavioral1

Sample

1606bb5862b141d62f6029f51bfa63731edf851977c7f9e5610edb6f0d94849e.xlsm

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1606bb5862b141d62f6029f51bfa63731edf851977c7f9e5610edb6f0d94849e.xlsm

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://leafybuy.com/norzygt/5555555555.jpg

Targets

- Target
  
  1606bb5862b141d62f6029f51bfa63731edf851977c7f9e5610edb6f0d94849e
- Size
  
  25KB
- MD5
  
  17b9ffb54e11d01b0f64151c0f44cabe
- SHA1
  
  c9e52f252a5756325b068af4aec9b4a29842dce5
- SHA256
  
  1606bb5862b141d62f6029f51bfa63731edf851977c7f9e5610edb6f0d94849e
- SHA512
  
  337c2d43cf45d3b345cb4b3635f3fd233baa536d37fee18467cba017e5b4c8818bb70c9b7404b17cb21a90ff73fcb1c1a27c0c2af17a622009e19a19c2e413f9
Score

10^/10

ransomware
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy