0cac31ef407c48dcee47193048f749d04d574b3f2df85f217eff7be438988570 | Triage

Sharing

General

Target

b1fd8a4efda12d4ce3f7fa8adaf705dbab2b3b73434334c1fcb2306ff1d390b1.zip
Size

393B
Sample

240809-n8z59athmf
MD5

4294997f08f93700593ef9c227af7925
SHA1

51b0ca8c1810025a488752560582e3febfce7177
SHA256

0cac31ef407c48dcee47193048f749d04d574b3f2df85f217eff7be438988570
SHA512

f29ada5b7a464ae7da4275ff4bc9a0278f359868576674eced5bba75af7fc5a80811bd934fa28122d67035a8dd320b41604416e1959ab9ab262b7d3ce4cf6876

Score

10^/10

execution

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://microsoftcamp-c3.b-cdn.net/camp-v1

Extracted

Language

hta

Source

URLs

hta.dropper

https://microsoftcamp-c3.b-cdn.net/camp-v1

Targets

- Target
  
  b1fd8a4efda12d4ce3f7fa8adaf705dbab2b3b73434334c1fcb2306ff1d390b1.ps1
- Size
  
  147B
- MD5
  
  461d549b45e71d09f616ea14cf0f46d2
- SHA1
  
  eb06f635e30520fd8e764a3c6fc1216c798400c7
- SHA256
  
  b1fd8a4efda12d4ce3f7fa8adaf705dbab2b3b73434334c1fcb2306ff1d390b1
- SHA512
  
  ea3dc372f83d76964b01a0437febaef0b725267af8a2e72d55995e301ed5fea02d1792900e4ef7dee5068f2e41d96f7cdb12ed6932fff8637562e64fddb93b4f
Score

10^/10

execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2