Extracted

• • Target

    db31b117dac71c5b27b572527b40c756df4c04b94e33dafc6e798dff6c69e904.hta

  • Size

    130KB

  • MD5

    611e9ca8b26d298c4d384206e385e10c

  • SHA1

    73544dca3a9bd4907bd4c9027b0468b0f8094173

  • SHA256

    db31b117dac71c5b27b572527b40c756df4c04b94e33dafc6e798dff6c69e904

  • SHA512

    8c47b4d1a5419c1828ca4efaeeffc19a843a7f52113b5ebe2a5ff0a9bb385121496e6c56c8666414652f856d743de3e92c49ba9ab2cdad4124a9a75a2cae64d5

  • SSDEEP

    96:Eam7kD8LnZNp6D8OknZNpjwoOoYRMOD8ldD82q3bZknZNpAuED8r7T:Ea2kYNv6Ydvj9GYnY6vvEYXT

  Score

  10^/10

  defense_evasiondiscoveryexecution

  • Blocklisted process makes network request

  • Evasion via Device Credential Deployment

    defense_evasionexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution
  behavioral1behavioral2