a9ce91d25970df14a0a489bbeb9976adb7dcf7fc122b7e17df8aae35b6c0f986 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NBSL542S5W.VBS.vbs
Size

1KB
Sample

220919-j15csafeg5
MD5

82b5e95dbb2e142da5ed868a01c8358e
SHA1

7c23444c67fe2f2e663635a8789276060da56af5
SHA256

a9ce91d25970df14a0a489bbeb9976adb7dcf7fc122b7e17df8aae35b6c0f986
SHA512

74d00a47d6ffebf295e803b660cb6806e20228cc491b9cb0baf7a56f4230d35cde5ac87d77d371baeda6bf82b04a6ad571397eda701c8e3c60c40474c0d27c9a

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://upmnc.com/images/sff.txt

Targets

- Target
  
  NBSL542S5W.VBS.vbs
- Size
  
  1KB
- MD5
  
  82b5e95dbb2e142da5ed868a01c8358e
- SHA1
  
  7c23444c67fe2f2e663635a8789276060da56af5
- SHA256
  
  a9ce91d25970df14a0a489bbeb9976adb7dcf7fc122b7e17df8aae35b6c0f986
- SHA512
  
  74d00a47d6ffebf295e803b660cb6806e20228cc491b9cb0baf7a56f4230d35cde5ac87d77d371baeda6bf82b04a6ad571397eda701c8e3c60c40474c0d27c9a
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2