General
Target
Offer Document 24.lnk
Size
1KB
Sample
240523-wyrp5abf53
MD5
bf9569f5e56e6dcb1f4ae60fd2faea36
SHA1
1085e4140bf323df085db50b8f79c3b02b4aab72
SHA256
59f149ffc55554ce0aac7072bba999b5abb83b023486e017f407883f8a27e4e2
SHA512
2a682c59a881c95d36d56d28328253f3c8cc6ac3d466c5eefa1223cb58a12de708414a5e6f59e07f919c9e122748deb76961c1e84ec4c3e19f68afdf4cc032d9
Static task
static1
Behavioral task
behavioral1
Sample
Offer Document 24.lnk
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Offer Document 24.lnk
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://20.86.128.223/room/room4.hta
Targets
Target
Offer Document 24.lnk
Score
10/10
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Suspicious use of SetThreadContext