7daf29391d16630c834ec8ade656758a5ed06a9d87aa93b317467e65c7f3d00a | Triage

Submit
Reports

Overview

overview

8

Static

static

FAX2021030...85.htm

windows7_x64

FAX2021030...85.htm

windows10_x64

Sharing

General

Target

FAX20210302-Spireip-857585.htm
Size

421KB
Sample

210302-9w2nj3fawe
MD5

87e553967c32364d544c4343e3405201
SHA1

f8cad83bd01a6edfc7f3a4543d587794c71e1d3a
SHA256

7daf29391d16630c834ec8ade656758a5ed06a9d87aa93b317467e65c7f3d00a
SHA512

b34c679e07237b9b381cf7b6aed14c9174633ca27c9d142f6e2d47831312821cc9cdf3f92413c9a76265e305159bb31fbfa112e4755f41215fccd111c3cf1243

Score

8^/10

bootkit ransomware

Static task

static1

Behavioral task

behavioral1

Sample

FAX20210302-Spireip-857585.htm

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FAX20210302-Spireip-857585.htm

Resource

win10v20201028

bootkit ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  FAX20210302-Spireip-857585.htm
- Size
  
  421KB
- MD5
  
  87e553967c32364d544c4343e3405201
- SHA1
  
  f8cad83bd01a6edfc7f3a4543d587794c71e1d3a
- SHA256
  
  7daf29391d16630c834ec8ade656758a5ed06a9d87aa93b317467e65c7f3d00a
- SHA512
  
  b34c679e07237b9b381cf7b6aed14c9174633ca27c9d142f6e2d47831312821cc9cdf3f92413c9a76265e305159bb31fbfa112e4755f41215fccd111c3cf1243
Score

8^/10

bootkit ransomware
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bootkitransomware

© 2018-2024

Terms | Privacy