24ca505f24619029d18677eb0d8ba7496f217e9f822d0e390de9462bfb3f7f24 | Triage

Sharing

General

Target

24ca505f24619029d18677eb0d8ba7496f217e9f822d0e390de9462bfb3f7f24
Size

102KB
Sample

241120-lscznsvclh
MD5

e0afe16bc322e3a665831725ef87d03f
SHA1

642990e1712c48f480beb3a34092d8aab3625f40
SHA256

24ca505f24619029d18677eb0d8ba7496f217e9f822d0e390de9462bfb3f7f24
SHA512

0cbbe8bf34e76292dfe1a2bc4e2546ef6c74a5a72288b728ee45eba29700166e38d594a4ba2ae5f4c4bbff15817eecc6aaf79d86fe445e6bf866bc6605dc109d
SSDEEP

3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/fer/fe3.html

Targets

- Target
  
  24ca505f24619029d18677eb0d8ba7496f217e9f822d0e390de9462bfb3f7f24
- Size
  
  102KB
- MD5
  
  e0afe16bc322e3a665831725ef87d03f
- SHA1
  
  642990e1712c48f480beb3a34092d8aab3625f40
- SHA256
  
  24ca505f24619029d18677eb0d8ba7496f217e9f822d0e390de9462bfb3f7f24
- SHA512
  
  0cbbe8bf34e76292dfe1a2bc4e2546ef6c74a5a72288b728ee45eba29700166e38d594a4ba2ae5f4c4bbff15817eecc6aaf79d86fe445e6bf866bc6605dc109d
- SSDEEP
  
  3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2