General
-
Target
downloadingupd.hta
-
Size
1.2MB
-
Sample
230725-xp2dmsfd32
-
MD5
9a8ccd2fbf7800e3fb750f84fe1a8771
-
SHA1
11311b36cb225b070fb9e27b84b7502635485bc1
-
SHA256
e64fb3d5024306678f9f85e1c009b4a285eb1a9ef6c81d2e4a1d3eca7740d841
-
SHA512
5416a00669dd8f0116461cc93657b8a425faa857dadb496fd983743d2890a27e3a5d7fa2c30e13009fcdabd9beb24975b22b3131dbac61fd3ba0449bd3eef9da
-
SSDEEP
3072:u2mvy8TrsZuS135EmoyZVNdtQIKwxD9DZkEj:dmvy80sSTTZd9dBj
Static task
static1
Behavioral task
behavioral1
Sample
downloadingupd.hta
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
downloadingupd.hta
-
Size
1.2MB
-
MD5
9a8ccd2fbf7800e3fb750f84fe1a8771
-
SHA1
11311b36cb225b070fb9e27b84b7502635485bc1
-
SHA256
e64fb3d5024306678f9f85e1c009b4a285eb1a9ef6c81d2e4a1d3eca7740d841
-
SHA512
5416a00669dd8f0116461cc93657b8a425faa857dadb496fd983743d2890a27e3a5d7fa2c30e13009fcdabd9beb24975b22b3131dbac61fd3ba0449bd3eef9da
-
SSDEEP
3072:u2mvy8TrsZuS135EmoyZVNdtQIKwxD9DZkEj:dmvy80sSTTZd9dBj
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-