Overview

overview

10

Static

static

MicrosoftUpdate.hta

windows7_x64

10

MicrosoftUpdate.hta

windows10_x64

8

Resubmissions

25-06-2021 19:32

210625-6wc8e9cwj2 8

17-01-2021 18:55

210117-eh6j4sptaa 10

22-12-2020 13:14

201222-pnne3mqwlx 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MicrosoftUpdate.hta

  • Size

    26KB

  • Sample

    210117-eh6j4sptaa

  • MD5

    12cd7a34e347311c7f07b5b10adb1266

  • SHA1

    fc35180c4e3f0e95e02b163ddbd79ce4151e3ee4

  • SHA256

    8e911752a92e891fd37232961a6d23e3af83f3ea015389a99df9cad6c9e3f869

  • SHA512

    31e4558f4fa8e9adc1e288b025ad3085f89abf3a89bb6a3857cea773c25cd97efb01cb5e814dc6f91766042f7ce1f007e621b84f09500d3672d5828a584c0e38

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://cutt.ly/agV2Ekk

Targets

    • Target

      MicrosoftUpdate.hta

    • Size

      26KB

    • MD5

      12cd7a34e347311c7f07b5b10adb1266

    • SHA1

      fc35180c4e3f0e95e02b163ddbd79ce4151e3ee4

    • SHA256

      8e911752a92e891fd37232961a6d23e3af83f3ea015389a99df9cad6c9e3f869

    • SHA512

      31e4558f4fa8e9adc1e288b025ad3085f89abf3a89bb6a3857cea773c25cd97efb01cb5e814dc6f91766042f7ce1f007e621b84f09500d3672d5828a584c0e38

    Score
    10/10

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks