f9a1443232b13a12bba41c02e7720278627ed24ea0988f9953b4717ff8ee6a3a | Triage

Sharing

General

Target

f9a1443232b13a12bba41c02e7720278627ed24ea0988f9953b4717ff8ee6a3a
Size

102KB
Sample

241120-d8wsqavmcn
MD5

9a7a8c75f3b0d70677de69bb83e124b1
SHA1

1fc88cb99977b9f1cf6995e74f264661b6e4fd5c
SHA256

f9a1443232b13a12bba41c02e7720278627ed24ea0988f9953b4717ff8ee6a3a
SHA512

e9a1b7a41430c904054bd13cc73291e7021c994cd50b4c742d32b014cb6dfcef0f2a6a6e1b8aff7bbcf3c9b708d7f0cf6f3109e11e5f2fa332e20dd54d058320
SSDEEP

3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/fer/fe3.html

Targets

- Target
  
  f9a1443232b13a12bba41c02e7720278627ed24ea0988f9953b4717ff8ee6a3a
- Size
  
  102KB
- MD5
  
  9a7a8c75f3b0d70677de69bb83e124b1
- SHA1
  
  1fc88cb99977b9f1cf6995e74f264661b6e4fd5c
- SHA256
  
  f9a1443232b13a12bba41c02e7720278627ed24ea0988f9953b4717ff8ee6a3a
- SHA512
  
  e9a1b7a41430c904054bd13cc73291e7021c994cd50b4c742d32b014cb6dfcef0f2a6a6e1b8aff7bbcf3c9b708d7f0cf6f3109e11e5f2fa332e20dd54d058320
- SSDEEP
  
  3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2