Analysis
- max time kernel: 1790s
- max time network: 1839s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 11-06-2021 02:24
Static task: static1
Behavioral task: behavioral1
- Sample: Transaction_Amount_215000_pdf.hta
- Resource: win7v20210410, windows7_x64
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: Transaction_Amount_215000_pdf.hta
- Resource: win10v20210408, windows10_x64
- 0 signatures, 0 seconds
General
- Target: Transaction_Amount_215000_pdf.hta
- Size: 1.8MB
- MD5: 0b9b2bf97ce805ca5930966fb4da967a
- SHA1: ca14beb08d0034be0c850910d0c0b937fb505c11
- SHA256: 4a8104ac7432fec3409e70b336511f5863209cca9271d6e81396463afa66a18c
- SHA512: 34c8b2522ed3af71038c81c4c4abd4589ee2255171dce9b41510e07e606cff20469c610b27b659e915294bc3877fd80222e93dc728ae31f8db26b6e242791e23
Score: 8/10
Malware Config
Signatures
-
Blocklisted process makes network request 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Processes: mshta.exe
description: Key created
ioc: \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main
process: mshta.exe
Downloads
- memory/2024-59-0x0000000005460000-0x0000000005461000-memory.dmp (Filesize: 4KB)
- memory/2024-60-0x0000000005466000-0x0000000005467000-memory.dmp (Filesize: 4KB)
- memory/2024-61-0x0000000006700000-0x000000000734A000-memory.dmp (Filesize: 12.3MB)
- memory/2024-62-0x0000000006700000-0x000000000734A000-memory.dmp (Filesize: 12.3MB)