a9a6bde09c84bbea924f8692ee2f1ccf15a71c706280ea1c4a7d2ab189fce030 | Triage

Sharing

General

Target

a9a6bde09c84bbea924f8692ee2f1ccf15a71c706280ea1c4a7d2ab189fce030
Size

101KB
Sample

241120-f6vtrasjb1
MD5

a21898a09a41f3db7770516b83c1ad57
SHA1

fe0a3c3f087cc11db0e9ed13889b231a45e29d79
SHA256

a9a6bde09c84bbea924f8692ee2f1ccf15a71c706280ea1c4a7d2ab189fce030
SHA512

f957b60ed9270c92cfbb70e99f39f9d15deb7bfd3fe916b3fbda4de17e5ac39e0160b119f076482ca3981aad01edac369cc90320359c0cbb0f91b74d8f321eb8
SSDEEP

3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/fer/fe3.html

Targets

- Target
  
  a9a6bde09c84bbea924f8692ee2f1ccf15a71c706280ea1c4a7d2ab189fce030
- Size
  
  101KB
- MD5
  
  a21898a09a41f3db7770516b83c1ad57
- SHA1
  
  fe0a3c3f087cc11db0e9ed13889b231a45e29d79
- SHA256
  
  a9a6bde09c84bbea924f8692ee2f1ccf15a71c706280ea1c4a7d2ab189fce030
- SHA512
  
  f957b60ed9270c92cfbb70e99f39f9d15deb7bfd3fe916b3fbda4de17e5ac39e0160b119f076482ca3981aad01edac369cc90320359c0cbb0f91b74d8f321eb8
- SSDEEP
  
  3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2