2d2e79ecc89830b11ecc30cf9a164e53a87a222d26d46cce373f0feacf07e7b1 | Triage

Sharing

General

Target

2d2e79ecc89830b11ecc30cf9a164e53a87a222d26d46cce373f0feacf07e7b1.hta
Size

7KB
Sample

240826-be1hpswcke
MD5

a7ad83b26f4ec2b3f42dd4db7d979a87
SHA1

d643f410e4aa5f17f8a7558a36e6eac4942ef09e
SHA256

2d2e79ecc89830b11ecc30cf9a164e53a87a222d26d46cce373f0feacf07e7b1
SHA512

3299f636790161db1c2fb9bba79b7958b2dfa54a799fdbe3853fc605f49560e334f404395c14dd792f18b08ff85f6fb262cb59f0bed1af11d2643d449e04f749
SSDEEP

192:W9JiHu2IepBfpsvWMa5JnhsN2MW9+cWFA/SBPEzbNljZtphqz2C:Bu2sWMa3yNLcWFA/B37jrphLC

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  2d2e79ecc89830b11ecc30cf9a164e53a87a222d26d46cce373f0feacf07e7b1.hta
- Size
  
  7KB
- MD5
  
  a7ad83b26f4ec2b3f42dd4db7d979a87
- SHA1
  
  d643f410e4aa5f17f8a7558a36e6eac4942ef09e
- SHA256
  
  2d2e79ecc89830b11ecc30cf9a164e53a87a222d26d46cce373f0feacf07e7b1
- SHA512
  
  3299f636790161db1c2fb9bba79b7958b2dfa54a799fdbe3853fc605f49560e334f404395c14dd792f18b08ff85f6fb262cb59f0bed1af11d2643d449e04f749
- SSDEEP
  
  192:W9JiHu2IepBfpsvWMa5JnhsN2MW9+cWFA/SBPEzbNljZtphqz2C:Bu2sWMa3yNLcWFA/B37jrphLC
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution