b4fdd0ad80aeacb9fe376e2033e6bedb40d260f8e02b948e8f9f32e4544220aa | Triage

Sharing

General

Target

b4fdd0ad80aeacb9fe376e2033e6bedb40d260f8e02b948e8f9f32e4544220aa
Size

101KB
Sample

241120-p5fg4s1phn
MD5

e1971894e94e0c29a57248a2940d7d4d
SHA1

12640bcd639513cbaf5f698b5c8069a874d37548
SHA256

b4fdd0ad80aeacb9fe376e2033e6bedb40d260f8e02b948e8f9f32e4544220aa
SHA512

e157531246d5254a9ccc8382c20102e0faaae61aaed823fa7a63eff8da464c147a8133945bab86d35c255c3c14a322ddf787d89435925751ac83a358d325abcf
SSDEEP

3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/fer/fe3.html

Targets

- Target
  
  b4fdd0ad80aeacb9fe376e2033e6bedb40d260f8e02b948e8f9f32e4544220aa
- Size
  
  101KB
- MD5
  
  e1971894e94e0c29a57248a2940d7d4d
- SHA1
  
  12640bcd639513cbaf5f698b5c8069a874d37548
- SHA256
  
  b4fdd0ad80aeacb9fe376e2033e6bedb40d260f8e02b948e8f9f32e4544220aa
- SHA512
  
  e157531246d5254a9ccc8382c20102e0faaae61aaed823fa7a63eff8da464c147a8133945bab86d35c255c3c14a322ddf787d89435925751ac83a358d325abcf
- SSDEEP
  
  3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2