a6389119ceee7fddfcb0ef858f37cb3377f0fb44b223e6f5e8ab5f33128ed511 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

5m-Interne...Chrome

windows10_x64

Sharing

General

Target

question_02.26.2021.zip
Size

68KB
Sample

210309-9rnjr68cfx
MD5

26aaa1ada67befc2a1e2b5a07512eb93
SHA1

91b95f7b4f42438d90014e90ed8c1f1f363adc86
SHA256

a6389119ceee7fddfcb0ef858f37cb3377f0fb44b223e6f5e8ab5f33128ed511
SHA512

8ced48bbdbfc4f3ce4a50cc763a4af9a24d819ec51559e9d9ede9e54512ec69f0395c775630e3284de010877d5d960ac5b9b187a5fb66825c08a0072bcd4008c

Score

8^/10

bootkit macro ransomware

Static task

static1

Behavioral task

behavioral1

Sample

question_02.26.2021.doc

Resource

win10v20201028

bootkit ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  question_02.26.2021.doc
- Size
  
  91KB
- MD5
  
  3e78c2d7b361f51ea5cc8bb911f970da
- SHA1
  
  84de4d86e7886b8fe7ae6510c9f27d92c53252c1
- SHA256
  
  b616ef8a46ee3aa2706f1f54e133662bf18b32d258ccadb77ca35030c56a8537
- SHA512
  
  48436fbfaf2162f7ecfd64bb825fe7563d8ef054d4e6282141767e759ba3240ccc241711a285df25661c85b21ce225ef578d78511e7cd52c7ddcdf42c1780725
Score

8^/10

bootkit ransomware
- Executes dropped EXE
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitransomware

© 2018-2024

Terms | Privacy