f364525bd719aefacb0453cb9eb8814d8c67b87ce0928aed13196936115f9280 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

digital.-....ZA.msi

windows7_x64

digital.-....ZA.msi

windows10_x64

Sharing

General

Target

digital.-.online C∩RWROI┐A∩┐┐┐┐M╜∩╜┐╜X╜╜A╜S┐OYW╜┐N∩YMA┐T∩╜Z∩A∩╜CHZA.msi
Size

268KB
Sample

210308-1pvvnxtfjx
MD5

3cdb1d26ef24c423f83ba602129b5b35
SHA1

ddc88f08d80382e733c4d9197ae08f795e0601f9
SHA256

f364525bd719aefacb0453cb9eb8814d8c67b87ce0928aed13196936115f9280
SHA512

b935ab83d77163d5915e8c94cd2a7fe97c89f4730a7ac77724aa7f4bec16546e57d66b4c2ffa3cb014708a26b3545a226da041f837777fddaac0d22adba20267

Score

8^/10

bootkit macro persistence ransomware xlm

Static task

static1

Behavioral task

behavioral1

Sample

digital.-.online C∩RWROI┐A∩┐┐┐┐M╜∩╜┐╜X╜╜A╜S┐OYW╜┐N∩YMA┐T∩╜Z∩A∩╜CHZA.msi

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

digital.-.online C∩RWROI┐A∩┐┐┐┐M╜∩╜┐╜X╜╜A╜S┐OYW╜┐N∩YMA┐T∩╜Z∩A∩╜CHZA.msi

Resource

win10v20201028

bootkit persistence ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  digital.-.online C∩RWROI┐A∩┐┐┐┐M╜∩╜┐╜X╜╜A╜S┐OYW╜┐N∩YMA┐T∩╜Z∩A∩╜CHZA.msi
- Size
  
  268KB
- MD5
  
  3cdb1d26ef24c423f83ba602129b5b35
- SHA1
  
  ddc88f08d80382e733c4d9197ae08f795e0601f9
- SHA256
  
  f364525bd719aefacb0453cb9eb8814d8c67b87ce0928aed13196936115f9280
- SHA512
  
  b935ab83d77163d5915e8c94cd2a7fe97c89f4730a7ac77724aa7f4bec16546e57d66b4c2ffa3cb014708a26b3545a226da041f837777fddaac0d22adba20267
Score

8^/10

persistence bootkit ransomware
- Blocklisted process makes network request
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bootkitpersistenceransomware

© 2018-2024

Terms | Privacy