b1fd8a4efda12d4ce3f7fa8adaf705dbab2b3b73434334c1fcb2306ff1d390b1 | Triage

Sharing

General

Target

verify-captcha-987.b-cdn.net.ps1
Size

147B
Sample

240808-28wdyssbpr
MD5

461d549b45e71d09f616ea14cf0f46d2
SHA1

eb06f635e30520fd8e764a3c6fc1216c798400c7
SHA256

b1fd8a4efda12d4ce3f7fa8adaf705dbab2b3b73434334c1fcb2306ff1d390b1
SHA512

ea3dc372f83d76964b01a0437febaef0b725267af8a2e72d55995e301ed5fea02d1792900e4ef7dee5068f2e41d96f7cdb12ed6932fff8637562e64fddb93b4f

Score

10^/10

execution

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://microsoftcamp-c3.b-cdn.net/camp-v1

Extracted

Language

hta

Source

URLs

hta.dropper

https://microsoftcamp-c3.b-cdn.net/camp-v1

Targets

- Target
  
  verify-captcha-987.b-cdn.net.ps1
- Size
  
  147B
- MD5
  
  461d549b45e71d09f616ea14cf0f46d2
- SHA1
  
  eb06f635e30520fd8e764a3c6fc1216c798400c7
- SHA256
  
  b1fd8a4efda12d4ce3f7fa8adaf705dbab2b3b73434334c1fcb2306ff1d390b1
- SHA512
  
  ea3dc372f83d76964b01a0437febaef0b725267af8a2e72d55995e301ed5fea02d1792900e4ef7dee5068f2e41d96f7cdb12ed6932fff8637562e64fddb93b4f
Score

10^/10

execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3