4f2831e1939e0237a7421a2a62e2b704e12e46799e4a4b71fd092bf21672f25e | Triage

Sharing

General

Target

4f2831e1939e0237a7421a2a62e2b704e12e46799e4a4b71fd092bf21672f25e
Size

104KB
Sample

241120-22p9csvepb
MD5

790c1484d923af6f80e5633644105c86
SHA1

a77d1b876c3f56d80dfc81656792f87b637be58e
SHA256

4f2831e1939e0237a7421a2a62e2b704e12e46799e4a4b71fd092bf21672f25e
SHA512

0cbff19b3c478e2e86b116aff6bae380c026484dbee4c614d538f4e3651c89d053825691cfc21377af47691d6dbff98a9f254842e6f4327d23e492e049778c06
SSDEEP

3072:CGk3hbdlylKsgqopeJBWhZFGkE+cL2NdAydb4oifHMVhoSc2vUz3UWDG:Hk3hbdlylKsgqopeJBWhZFVE+W2NdAyu

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://91.240.118.168/qw/as/se.html

Targets

- Target
  
  4f2831e1939e0237a7421a2a62e2b704e12e46799e4a4b71fd092bf21672f25e
- Size
  
  104KB
- MD5
  
  790c1484d923af6f80e5633644105c86
- SHA1
  
  a77d1b876c3f56d80dfc81656792f87b637be58e
- SHA256
  
  4f2831e1939e0237a7421a2a62e2b704e12e46799e4a4b71fd092bf21672f25e
- SHA512
  
  0cbff19b3c478e2e86b116aff6bae380c026484dbee4c614d538f4e3651c89d053825691cfc21377af47691d6dbff98a9f254842e6f4327d23e492e049778c06
- SSDEEP
  
  3072:CGk3hbdlylKsgqopeJBWhZFGkE+cL2NdAydb4oifHMVhoSc2vUz3UWDG:Hk3hbdlylKsgqopeJBWhZFVE+W2NdAyu
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2