Resubmissions

23/10/2023, 04:45

231023-fdm87sea6v 10

23/10/2023, 04:37

231023-e9bdvafh73 10

04/09/2023, 03:53

230904-efq77sea66 8

General

  • Target

    PROD_Start_DriverPack.hta

  • Size

    1KB

  • Sample

    231023-fdm87sea6v

  • MD5

    dda846a4704efc2a03e1f8392e6f1ffc

  • SHA1

    387171a06eee5a76aaedc3664385bb89703cf6df

  • SHA256

    e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25

  • SHA512

    5cc5ad3fbdf083a87a65be76869bca844faa2d9be25657b45ad070531892f20d9337739590dd8995bca03ce23e9cb611129fe2f8457879b6263825d6df49da7a

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://dwrapper-prod.herokuapp.com/bin/watcher.html

Targets

    Score
    10/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.