408207e92d5af4e23d3f3ee317a5ce4479a78b05e06cceec69bb3e16c7f69d2f | Triage

Sharing

General

Target

408207e92d5af4e23d3f3ee317a5ce4479a78b05e06cceec69bb3e16c7f69d2f
Size

64KB
Sample

241120-s8fh3aydjg
MD5

437d0d50a1f872351b647c0d83ea14c9
SHA1

a95eda99cc563c281798f2db41b741f22078cdcb
SHA256

408207e92d5af4e23d3f3ee317a5ce4479a78b05e06cceec69bb3e16c7f69d2f
SHA512

4ab5fd3e34474a31d28179cad4d95413954706891e875180077d4033b2d359206bfc6efb8cf0209ed55da7cdd98d26cd62dea3f8773561761966afd8faf63299
SSDEEP

1536:8URk3hbdlylKsgqopeJBWhZFGkE+cL2NdAKNzMk9B+oo1zMk9A+oos:8Mk3hbdlylKsgqopeJBWhZFGkE+cL2N0

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://87.251.86.178/pp/cc.html

Targets

- Target
  
  408207e92d5af4e23d3f3ee317a5ce4479a78b05e06cceec69bb3e16c7f69d2f
- Size
  
  64KB
- MD5
  
  437d0d50a1f872351b647c0d83ea14c9
- SHA1
  
  a95eda99cc563c281798f2db41b741f22078cdcb
- SHA256
  
  408207e92d5af4e23d3f3ee317a5ce4479a78b05e06cceec69bb3e16c7f69d2f
- SHA512
  
  4ab5fd3e34474a31d28179cad4d95413954706891e875180077d4033b2d359206bfc6efb8cf0209ed55da7cdd98d26cd62dea3f8773561761966afd8faf63299
- SSDEEP
  
  1536:8URk3hbdlylKsgqopeJBWhZFGkE+cL2NdAKNzMk9B+oo1zMk9A+oos:8Mk3hbdlylKsgqopeJBWhZFGkE+cL2N0
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2