a2dac5be9699ebcd6b5faed4e54beb0cc8827d5e99fc89d1e3edbe03ed21f89c | Triage

Sharing

General

Target

a2dac5be9699ebcd6b5faed4e54beb0cc8827d5e99fc89d1e3edbe03ed21f89c
Size

63KB
Sample

241120-mg9pyavqhv
MD5

6f57bae527c30e180633c995b1d9febd
SHA1

24908aa2946a10b093cfd4ebebccb1dd444ef1af
SHA256

a2dac5be9699ebcd6b5faed4e54beb0cc8827d5e99fc89d1e3edbe03ed21f89c
SHA512

f57521d8bcb4311abef853576125cd045a5033158aa16ca20e28c07890d957224a7b5caebd8768e8661209e9d1a45c58c9d733cc29dcc483f8de3424d3cd067f
SSDEEP

1536:8URk3hbdlylKsgqopeJBWhZFGkE+cL2NdAKNzMk9B+oo1zMk9A+oos:8Mk3hbdlylKsgqopeJBWhZFGkE+cL2N0

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://87.251.86.178/pp/cc.html

Targets

- Target
  
  a2dac5be9699ebcd6b5faed4e54beb0cc8827d5e99fc89d1e3edbe03ed21f89c
- Size
  
  63KB
- MD5
  
  6f57bae527c30e180633c995b1d9febd
- SHA1
  
  24908aa2946a10b093cfd4ebebccb1dd444ef1af
- SHA256
  
  a2dac5be9699ebcd6b5faed4e54beb0cc8827d5e99fc89d1e3edbe03ed21f89c
- SHA512
  
  f57521d8bcb4311abef853576125cd045a5033158aa16ca20e28c07890d957224a7b5caebd8768e8661209e9d1a45c58c9d733cc29dcc483f8de3424d3cd067f
- SSDEEP
  
  1536:8URk3hbdlylKsgqopeJBWhZFGkE+cL2NdAKNzMk9B+oo1zMk9A+oos:8Mk3hbdlylKsgqopeJBWhZFGkE+cL2N0
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2