bc1d978695e3dc1666923fa13de923870a7604375d57bb6771e2f4bcd8ae8d56 | Triage

Submit
Reports

Overview

overview

Static

static

8

no_internet_2.5min

windows10_x64

Resubmissions

08-02-2021 12:28

210208-x3q3889hye 10

08-02-2021 12:23

210208-t8qb7k7tc2 8

Sharing

General

Target

bc1d978695e3dc1666923fa13de923870a7604375d57bb6771e2f4bcd8ae8d56.xlsm
Size

73KB
Sample

210208-x3q3889hye
MD5

20f9a7843d3f358a6ecfd6dd828cdd6d
SHA1

9a9b0eb8265cb116bb5bf9e1e1aa29f6ac6b621a
SHA256

bc1d978695e3dc1666923fa13de923870a7604375d57bb6771e2f4bcd8ae8d56
SHA512

da7564e4886ca190feb0b9408165fa6b6ecc0ef2f44e6e2f7d7164fd7e609371cc6255f6128ce1bf678d4fca7895d4315b7520b2be3b6a4469053e8f789dcdea

Score

10^/10

bootkit macro ransomware xlm

Static task

static1

Behavioral task

behavioral1

Sample

bc1d978695e3dc1666923fa13de923870a7604375d57bb6771e2f4bcd8ae8d56.xlsm

Resource

win10v20201028

bootkit ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bc1d978695e3dc1666923fa13de923870a7604375d57bb6771e2f4bcd8ae8d56.xlsm
- Size
  
  73KB
- MD5
  
  20f9a7843d3f358a6ecfd6dd828cdd6d
- SHA1
  
  9a9b0eb8265cb116bb5bf9e1e1aa29f6ac6b621a
- SHA256
  
  bc1d978695e3dc1666923fa13de923870a7604375d57bb6771e2f4bcd8ae8d56
- SHA512
  
  da7564e4886ca190feb0b9408165fa6b6ecc0ef2f44e6e2f7d7164fd7e609371cc6255f6128ce1bf678d4fca7895d4315b7520b2be3b6a4469053e8f789dcdea
Score

10^/10

bootkit ransomware
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitransomware

© 2018-2024

Terms | Privacy