bf8a7821de4c9b3118146a154b21922ef769f2717793e8ed87da33761e013676 | Triage

Sharing

General

Target

bf8a7821de4c9b3118146a154b21922ef769f2717793e8ed87da33761e013676
Size

128KB
Sample

241120-k1ac3svfmj
MD5

741914ecb613891de62b62f1b4a99e26
SHA1

83945e53a409e722182867530ce9feb762b177c4
SHA256

bf8a7821de4c9b3118146a154b21922ef769f2717793e8ed87da33761e013676
SHA512

31a8716fa12286c4cf6690a62a0fa69bd9db9178ed8a057927aceb3c2b94a0070c37cdefd284e22a916a6545cf8b3c62c8b1365763a4930a4531fc92f41591c3
SSDEEP

3072:Wuk3hbdlylKsgqopeJBWhZFGkE+cL2NdAxEvN8B/W6X1yxYovrepMUdQ6gSz4i:Fk3hbdlylKsgqopeJBWhZFVE+W2NdAmv

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/cc.html

Targets

- Target
  
  bf8a7821de4c9b3118146a154b21922ef769f2717793e8ed87da33761e013676
- Size
  
  128KB
- MD5
  
  741914ecb613891de62b62f1b4a99e26
- SHA1
  
  83945e53a409e722182867530ce9feb762b177c4
- SHA256
  
  bf8a7821de4c9b3118146a154b21922ef769f2717793e8ed87da33761e013676
- SHA512
  
  31a8716fa12286c4cf6690a62a0fa69bd9db9178ed8a057927aceb3c2b94a0070c37cdefd284e22a916a6545cf8b3c62c8b1365763a4930a4531fc92f41591c3
- SSDEEP
  
  3072:Wuk3hbdlylKsgqopeJBWhZFGkE+cL2NdAxEvN8B/W6X1yxYovrepMUdQ6gSz4i:Fk3hbdlylKsgqopeJBWhZFVE+W2NdAmv
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2