cf010bfe6e85ff6fb9cae9aefd23e782665a3cdd3cc85e3f3f7754c12ff8e786 | Triage

Sharing

General

Target

cf010bfe6e85ff6fb9cae9aefd23e782665a3cdd3cc85e3f3f7754c12ff8e786
Size

141KB
Sample

241120-lzw15avdkc
MD5

1482095c861d11dd62819d667f66df9f
SHA1

faeb924c14ca70dfd4f8534a65ff354a35618336
SHA256

cf010bfe6e85ff6fb9cae9aefd23e782665a3cdd3cc85e3f3f7754c12ff8e786
SHA512

7201c08488f36934747551968a960590ea4989db9ea204d81e48d52babd78555872e1f24f5e56ac47417416ac80758b5d4c986bfc033f75ae32d1fbeb2f2650d
SSDEEP

3072:4Rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAlhEvN8B/W6X1yxYovrepMUdQ6gSz4iq:Qk3hbdlylKsgqopeJBWhZFVE+W2NdAli

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/fer/fer.html

Targets

- Target
  
  cf010bfe6e85ff6fb9cae9aefd23e782665a3cdd3cc85e3f3f7754c12ff8e786
- Size
  
  141KB
- MD5
  
  1482095c861d11dd62819d667f66df9f
- SHA1
  
  faeb924c14ca70dfd4f8534a65ff354a35618336
- SHA256
  
  cf010bfe6e85ff6fb9cae9aefd23e782665a3cdd3cc85e3f3f7754c12ff8e786
- SHA512
  
  7201c08488f36934747551968a960590ea4989db9ea204d81e48d52babd78555872e1f24f5e56ac47417416ac80758b5d4c986bfc033f75ae32d1fbeb2f2650d
- SSDEEP
  
  3072:4Rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAlhEvN8B/W6X1yxYovrepMUdQ6gSz4iq:Qk3hbdlylKsgqopeJBWhZFVE+W2NdAli
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2