c9e12c49d8ffdd74eb48df9d9acefad2ba0e0b3e93ef4bdce5d1bd69899ca6eb | Triage

Sharing

General

Target

c9e12c49d8ffdd74eb48df9d9acefad2ba0e0b3e93ef4bdce5d1bd69899ca6eb
Size

46KB
Sample

241120-1k216atpd1
MD5

40f0ef3ef45b688195f83abc45c69d14
SHA1

5c4632726a8e979f7eedc0f5cd0b739d44004696
SHA256

c9e12c49d8ffdd74eb48df9d9acefad2ba0e0b3e93ef4bdce5d1bd69899ca6eb
SHA512

4dffc5fab50f86cf91fd8a576c49687b999d19bea1f27fb807c4ab91ec73f213a1e41c74fac31342e63d578fc2c75232dc99fd8bf5897554424d67978b4e7715
SSDEEP

768:gxFpGk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJDvzwZhGjk9DnNZQJoD88yIvuEHn:OrGk3hbdlylKsgqopeJBWhZFGkE+cL2d

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://87.251.86.178/pp/bb.html

Targets

- Target
  
  c9e12c49d8ffdd74eb48df9d9acefad2ba0e0b3e93ef4bdce5d1bd69899ca6eb
- Size
  
  46KB
- MD5
  
  40f0ef3ef45b688195f83abc45c69d14
- SHA1
  
  5c4632726a8e979f7eedc0f5cd0b739d44004696
- SHA256
  
  c9e12c49d8ffdd74eb48df9d9acefad2ba0e0b3e93ef4bdce5d1bd69899ca6eb
- SHA512
  
  4dffc5fab50f86cf91fd8a576c49687b999d19bea1f27fb807c4ab91ec73f213a1e41c74fac31342e63d578fc2c75232dc99fd8bf5897554424d67978b4e7715
- SSDEEP
  
  768:gxFpGk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJDvzwZhGjk9DnNZQJoD88yIvuEHn:OrGk3hbdlylKsgqopeJBWhZFGkE+cL2d
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2