General

  • Target

    a5047e2bd000d3bfef58cb259a3d86cf192118349e0154fa2d8bef7789d9e1a2.hta

  • Size

    1.7MB

  • Sample

    240531-bwdp9saa31

  • MD5

    aa2f60e1fd83bfebcbf6291715428542

  • SHA1

    bed074cdf12de08929a81f757847351a9e597507

  • SHA256

    a5047e2bd000d3bfef58cb259a3d86cf192118349e0154fa2d8bef7789d9e1a2

  • SHA512

    8db09e7ed21ebebbdcd56946e6b1920e47ae43209ce02fec3e833ae16f3536ccf835f746f74ca833aaca570f97b52e3c18ff788c731de31316beebd43726b5e9

  • SSDEEP

    24576:syNPGVxAxkN+Z6Ok/OY1nlDJGr4JgSn0mBtDgWGC5DVvt0WsG8JjsR:sys/gWGC5DVvtB8s

Malware Config

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (500) files with added filename extension

      This suggests ransomware activity, namely the encryption of all files on the system.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks