Overview

overview

8

Static

static

sds.hta

windows7_x64

8

sds.hta

windows10_x64

3

Analysis

  • max time kernel
    1563s
  • max time network
    1604s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    22-07-2021 02:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sds.hta

  • Size

    2KB

  • MD5

    f8f46135633afaa03568145c8d1316c4

  • SHA1

    199c13fc844d44188a8883324c176ce422a97ca6

  • SHA256

    83a2b8f097269bd8fb5a70725a3cbfee5308300b197368308e3a5adba849111d

  • SHA512

    ee55ca0e35efaa1e5d6168cc0ce9f6d0315eb209eb1733c905cbe7fe98cd8511fa7f00e5155b0960b97c750c580104a11bc3fefc4bd31cfa049710aa604c13d5

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\SysWOW64\mshta.exe
    C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\sds.hta"
    1⤵
    • Blocklisted process makes network request
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" c:\users\public\girlGirlBoys.jpg
      2⤵
        PID:300

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \??\c:\users\public\girlGirlBoys.jpg
      MD5

      78e3f08e416740e064779f0301d15085

      SHA1

      06cb8e53e9299f713629316f9dcc2fe4991ad1fd

      SHA256

      eed0186dd421c6ea6e612189b746f38f23545391450227555fa2d56239de1335

      SHA512

      582b765af71ef25c5ccb07a92f45851d8be2248d11dd51e17a643621d7a7903b9ccbc2829d32d082d94bf7c1fd18d5ab46bb02c79d90d7e0a21da44117b5a2bd

      Download Submit
    • memory/300-61-0x0000000000000000-mapping.dmp
      Download
    • memory/300-64-0x00000000001F0000-0x00000000001F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1304-60-0x0000000075551000-0x0000000075553000-memory.dmp
      Filesize

      8KB

      Download