Overview

overview

10

Static

static

8

Calculatio...1.xlsm

windows7_x64

Calculatio...1.xlsm

windows10_x64

Resubmissions

11-02-2021 07:36

210211-2k1q8nd35e 10

11-02-2021 07:27

210211-5lhg1d67re 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b8b8923e-79b8-4df5-9319-f5fb28d55b79.zip

  • Size

    23KB

  • Sample

    210211-5lhg1d67re

  • MD5

    364f13f27020610273ec60ea351f18c3

  • SHA1

    59cbe0b966a7c76a3f2ec508b692449f0d76aa0f

  • SHA256

    3f40ecc537e282b0e4b62e91e6d1d59d6bf1ee758d6de957c7241033b5c57088

  • SHA512

    1dfc40e49890e300d2605a5b890d40b41b6fb2955a8352abe6919965b7d6b08ff6b7f7d6c69d1e1908165f667b90131c979da9c40bbc3cbaaca4ee9bc74171f5

Score
10/10
bootkitmacroransomwarexlm

Malware Config

Targets

    • Target

      Calculation-292244811-01262021.xlsm

    • Size

      25KB

    • MD5

      60c73c459b141b7a0a6b2be771d0ca46

    • SHA1

      cf9d2a4535c57d380176ea6a5721eea6371cfce0

    • SHA256

      b60b7978c25a388825519e39fc1ce526ddb0828396f149b77914184b34d14c47

    • SHA512

      b8ece448ddbc1810bf005b96ac879a40c9c8cb73c0f460b026bff9308f5fb5178b92c857336005697a0568c9a816057d960c945a11d51e439b882553668063fe

    Score
    10/10
    bootkitransomware

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

      ransomwarebootkit
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks