e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25 | Triage

Submit
Reports

Overview

overview

Static

static

1

PROD_Start...ck.hta

windows7-x64

PROD_Start...ck.hta

windows10-2004-x64

8

Sharing

General

Target

PROD_Start_DriverPack.hta
Size

1KB
Sample

240921-akcs6awejl
MD5

dda846a4704efc2a03e1f8392e6f1ffc
SHA1

387171a06eee5a76aaedc3664385bb89703cf6df
SHA256

e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25
SHA512

5cc5ad3fbdf083a87a65be76869bca844faa2d9be25657b45ad070531892f20d9337739590dd8995bca03ce23e9cb611129fe2f8457879b6263825d6df49da7a

Score

10^/10

defense_evasion discovery dropper evasion persistence privilege_escalation upx

Static task

static1

Behavioral task

behavioral1

Sample

PROD_Start_DriverPack.hta

Resource

win7-20240708-en

defense_evasion discovery dropper evasion persistence privilege_escalation upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

PROD_Start_DriverPack.hta

Resource

win10v2004-20240802-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://dwrapper-prod.herokuapp.com/bin/watcher.html

Targets

- Target
  
  PROD_Start_DriverPack.hta
- Size
  
  1KB
- MD5
  
  dda846a4704efc2a03e1f8392e6f1ffc
- SHA1
  
  387171a06eee5a76aaedc3664385bb89703cf6df
- SHA256
  
  e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25
- SHA512
  
  5cc5ad3fbdf083a87a65be76869bca844faa2d9be25657b45ad070531892f20d9337739590dd8995bca03ce23e9cb611129fe2f8457879b6263825d6df49da7a
Score

10^/10

defense_evasion discovery dropper evasion persistence privilege_escalation upx
- Blocklisted process makes network request
- Download via BitsAdmin
  dropper
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

BITS Jobs

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Access Token Manipulation

Create Process with Token

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Access Token Manipulation

Create Process with Token

BITS Jobs

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverydropperevasionpersistenceprivilege_escalationupx

behavioral2

© 2018-2025

Terms | Privacy