54a8b8c933633c089f03d07cfbd5cafbf76a6d7095f2706d6604e739bb9c950f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54a8b8c933633c089f03d07cfbd5cafbf76a6d7095f2706d6604e739bb9c950f.doc
Size

43KB
Sample

230329-zkafgahh34
MD5

0f77143ce98d0b9f69c802789e3b1713
SHA1

7da4e8b743478370fa41fe39a45e3ff2ca2194b3
SHA256

54a8b8c933633c089f03d07cfbd5cafbf76a6d7095f2706d6604e739bb9c950f
SHA512

e212da7ad8b811b9a6b992c8fd34311cac52a9eca3dc42fcc78a0185ee277d10dc5aed70c8a3fcdc358e2cc5b3dd2a0d620b36cf32a6fea8fcda72906a8121e2
SSDEEP

768:pwP3KbI0FapuYUltt0jFj0unQY6nlG+9itYi:pe3Kb3ap1V0IlI0+9E

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://christinadudley.com/public_html/includes/common/Qfnaq0.hta

Targets

- Target
  
  54a8b8c933633c089f03d07cfbd5cafbf76a6d7095f2706d6604e739bb9c950f.doc
- Size
  
  43KB
- MD5
  
  0f77143ce98d0b9f69c802789e3b1713
- SHA1
  
  7da4e8b743478370fa41fe39a45e3ff2ca2194b3
- SHA256
  
  54a8b8c933633c089f03d07cfbd5cafbf76a6d7095f2706d6604e739bb9c950f
- SHA512
  
  e212da7ad8b811b9a6b992c8fd34311cac52a9eca3dc42fcc78a0185ee277d10dc5aed70c8a3fcdc358e2cc5b3dd2a0d620b36cf32a6fea8fcda72906a8121e2
- SSDEEP
  
  768:pwP3KbI0FapuYUltt0jFj0unQY6nlG+9itYi:pe3Kb3ap1V0IlI0+9E
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2