327ad4d30b5753ad6fc8fae90614cb09134d110cb0b106fb2aaaf55b378dfaaa | Triage

Submit
Reports

Overview

overview

Static

static

1

sample.html

windows10-2004-x64

sample.html

windows11-21h2-x64

5

Sharing

General

Target

sample
Size

807KB
Sample

241117-v8hpjavfkj
MD5

5d87fd1e838fcbebd8f59a5ee4459f43
SHA1

90b9b5eb74e6bb69daf0d0e41e03fdaaa5dfee6b
SHA256

327ad4d30b5753ad6fc8fae90614cb09134d110cb0b106fb2aaaf55b378dfaaa
SHA512

b26d6505fca27c95e3fa8f9ef6c5899e9b672373265dc33e862547db0d814b8d79701a7bc502c9edb3412d2905f5fb512a1033d8d96f8e0eed5423661f3f299b
SSDEEP

12288:y6oMYOGLgXC8MbC/V8s0iId76Sqih1s1mIv4vyXezfSe9cOTeUovR8B6dUlT48e1:y6G2UjTbtTleco

Score

10^/10

google microsoft steam defense_evasion discovery persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win10v2004-20241007-en

google microsoft steam defense_evasion discovery persistence phishing

windows10-2004-x64

35 signatures

1800 seconds

Behavioral task

behavioral2

Sample

sample.html

Resource

win11-20241007-en

windows11-21h2-x64

8 signatures

1800 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  807KB
- MD5
  
  5d87fd1e838fcbebd8f59a5ee4459f43
- SHA1
  
  90b9b5eb74e6bb69daf0d0e41e03fdaaa5dfee6b
- SHA256
  
  327ad4d30b5753ad6fc8fae90614cb09134d110cb0b106fb2aaaf55b378dfaaa
- SHA512
  
  b26d6505fca27c95e3fa8f9ef6c5899e9b672373265dc33e862547db0d814b8d79701a7bc502c9edb3412d2905f5fb512a1033d8d96f8e0eed5423661f3f299b
- SSDEEP
  
  12288:y6oMYOGLgXC8MbC/V8s0iId76Sqih1s1mIv4vyXezfSe9cOTeUovR8B6dUlT48e1:y6G2UjTbtTleco
Score

10^/10

google microsoft steam defense_evasion discovery persistence phishing
- Detected google phishing page
  phishing google
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: Montserratwght@300
  phishing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
- Detected potential entity reuse from brand STEAM.
  phishing steam
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

googlemicrosoftsteamdefense_evasiondiscoverypersistencephishing

behavioral2

© 2018-2024

Terms | Privacy