Overview

overview

10

Static

static

8

7e4670540c...8.docm

windows7_x64

10

7e4670540c...8.docm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7e4670540c176586d4d4a3ab854584dec70d14258236e716e8807a699f4238a8

  • Size

    21KB

  • Sample

    220520-3grgcsbggj

  • MD5

    68703d8cedb9a7eb60e981edf3139600

  • SHA1

    c51afd15c9094315807afa271037295eb001d5f4

  • SHA256

    7e4670540c176586d4d4a3ab854584dec70d14258236e716e8807a699f4238a8

  • SHA512

    7bb915317720dee5849cbd9e99d8ca1b00ccd84c974f2f8821f7c8c7fda4d4553d589079cebb162a52d021382d81fdb79f4fa1672c90f509f0060392039686ee

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.huikeshoven.net/rWareSample/execute-ransomware.bat

Targets

    • Target

      7e4670540c176586d4d4a3ab854584dec70d14258236e716e8807a699f4238a8

    • Size

      21KB

    • MD5

      68703d8cedb9a7eb60e981edf3139600

    • SHA1

      c51afd15c9094315807afa271037295eb001d5f4

    • SHA256

      7e4670540c176586d4d4a3ab854584dec70d14258236e716e8807a699f4238a8

    • SHA512

      7bb915317720dee5849cbd9e99d8ca1b00ccd84c974f2f8821f7c8c7fda4d4553d589079cebb162a52d021382d81fdb79f4fa1672c90f509f0060392039686ee

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks