3df88fd8cc94b643c0abce07b76576a2e4ac0304d9a1a6d4bbaa6bf60f6d7d47 | Triage

Sharing

General

Target

3df88fd8cc94b643c0abce07b76576a2e4ac0304d9a1a6d4bbaa6bf60f6d7d47
Size

142KB
Sample

241120-17ybgsthkd
MD5

d889b0d126a586065548721f01fc92a7
SHA1

d4aa924bd0390658d4bf3bf7085406235e5df1e6
SHA256

3df88fd8cc94b643c0abce07b76576a2e4ac0304d9a1a6d4bbaa6bf60f6d7d47
SHA512

16e047fdc39057a5b8d889817c3d1cb1fbd2917c4b59877fd1ef6a9f323f68e8dbcf25255e38dfcd8b239a7abbd9c61900b11399d082b455a5ef5049ea878f1d
SSDEEP

3072:+5+nBqm9k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIMEvN8B/W6X1yxYovrepMUdQm:i+nBqm9k3hbdlylKsgqopeJBWhZFVE+g

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/ve/ve.html

Targets

- Target
  
  3df88fd8cc94b643c0abce07b76576a2e4ac0304d9a1a6d4bbaa6bf60f6d7d47
- Size
  
  142KB
- MD5
  
  d889b0d126a586065548721f01fc92a7
- SHA1
  
  d4aa924bd0390658d4bf3bf7085406235e5df1e6
- SHA256
  
  3df88fd8cc94b643c0abce07b76576a2e4ac0304d9a1a6d4bbaa6bf60f6d7d47
- SHA512
  
  16e047fdc39057a5b8d889817c3d1cb1fbd2917c4b59877fd1ef6a9f323f68e8dbcf25255e38dfcd8b239a7abbd9c61900b11399d082b455a5ef5049ea878f1d
- SSDEEP
  
  3072:+5+nBqm9k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIMEvN8B/W6X1yxYovrepMUdQm:i+nBqm9k3hbdlylKsgqopeJBWhZFVE+g
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2