Extracted

• • Target

    nicetokissthebestthingsiwantotgetmebackwith.hta

  • Size

    130KB

  • MD5

    b581033fd1ba02c7724802d3ccda9b5b

  • SHA1

    ad4484b11cfd436200542cc8e4fbaebcb7491bf8

  • SHA256

    008009858f9248a8d5f220f5f4a999438ec8c6218e97560ccde06b35cebd3fe4

  • SHA512

    12c49b5ace4caf4ee56726ab8c19ace2e95f5a8c5478edd9f3076dcd3a659f6aa0240fbad95083657512cb22a4d8c5d0f57c1374e1dddc90f7f56389daac8d47

  • SSDEEP

    192:Ea2xiqX85ziqI8o33MAEyNiqIiqaH8niqyCT:UxR85za88MZ0Kw8nX

  Score

  10^/10

  defense_evasiondiscoveryexecution

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Evasion via Device Credential Deployment

    defense_evasionexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2