4a8104ac7432fec3409e70b336511f5863209cca9271d6e81396463afa66a18c

Analysis

Target

Transaction_Amount_215000_pdf.hta
Size

1.8MB
MD5

0b9b2bf97ce805ca5930966fb4da967a
SHA1

ca14beb08d0034be0c850910d0c0b937fb505c11
SHA256

4a8104ac7432fec3409e70b336511f5863209cca9271d6e81396463afa66a18c
SHA512

34c8b2522ed3af71038c81c4c4abd4589ee2255171dce9b41510e07e606cff20469c610b27b659e915294bc3877fd80222e93dc728ae31f8db26b6e242791e23

Score

8^/10

Blocklisted process makes network request 64 IoCs

Processes:

mshta.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

mshta.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main mshta.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

memory/2024-59-0x0000000005460000-0x0000000005461000-memory.dmp

Filesize
4KB

Download
memory/2024-60-0x0000000005466000-0x0000000005467000-memory.dmp

Filesize
4KB

Download
memory/2024-61-0x0000000006700000-0x000000000734A000-memory.dmp

Filesize
12.3MB

Download
memory/2024-62-0x0000000006700000-0x000000000734A000-memory.dmp

Filesize
12.3MB

Download