22cc5f027f58624d6d7b256f7c86f0fbfb56d892ce04834782078ad1c58ff9fe | Triage

Sharing

General

Target

22cc5f027f58624d6d7b256f7c86f0fbfb56d892ce04834782078ad1c58ff9fe
Size

71KB
Sample

241120-prk6fawgjb
MD5

1f4b74b40be109d5a7e1f6fc7d2b2a77
SHA1

b9be35374f2d074c0ae9b606e8993a67767de56b
SHA256

22cc5f027f58624d6d7b256f7c86f0fbfb56d892ce04834782078ad1c58ff9fe
SHA512

500ec22f3f55e4e4ef0add0084e03f79829cb58380cbe92eca43cc6db6ec4320a5cbfa3f0fb8bc4a447bcb04ba3720a2850d3e693e4305d2a82ee1f502939c08
SSDEEP

1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/fer/fe2.html

Targets

- Target
  
  22cc5f027f58624d6d7b256f7c86f0fbfb56d892ce04834782078ad1c58ff9fe
- Size
  
  71KB
- MD5
  
  1f4b74b40be109d5a7e1f6fc7d2b2a77
- SHA1
  
  b9be35374f2d074c0ae9b606e8993a67767de56b
- SHA256
  
  22cc5f027f58624d6d7b256f7c86f0fbfb56d892ce04834782078ad1c58ff9fe
- SHA512
  
  500ec22f3f55e4e4ef0add0084e03f79829cb58380cbe92eca43cc6db6ec4320a5cbfa3f0fb8bc4a447bcb04ba3720a2850d3e693e4305d2a82ee1f502939c08
- SSDEEP
  
  1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2