36af992ab016a84758ce4fafe17e0d2d0da4bf545d684398cb25ba986a57c309 | Triage

Sharing

General

Target

36af992ab016a84758ce4fafe17e0d2d0da4bf545d684398cb25ba986a57c309
Size

71KB
Sample

241120-vhhlvazld1
MD5

4656b408481f07213f982e8dd11c457f
SHA1

c5ceb427a39a39c2741131c3f872fb0265aaf6f0
SHA256

36af992ab016a84758ce4fafe17e0d2d0da4bf545d684398cb25ba986a57c309
SHA512

f960fcdd27dab8a3f86a26211f6ba823075993edbc4e9c5600a8731381612cbd1e1dd422faebb34819599b67f87805beed0c70d400c5d4d1f25c4add41532fab
SSDEEP

1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/fer/fe2.html

Targets

- Target
  
  36af992ab016a84758ce4fafe17e0d2d0da4bf545d684398cb25ba986a57c309
- Size
  
  71KB
- MD5
  
  4656b408481f07213f982e8dd11c457f
- SHA1
  
  c5ceb427a39a39c2741131c3f872fb0265aaf6f0
- SHA256
  
  36af992ab016a84758ce4fafe17e0d2d0da4bf545d684398cb25ba986a57c309
- SHA512
  
  f960fcdd27dab8a3f86a26211f6ba823075993edbc4e9c5600a8731381612cbd1e1dd422faebb34819599b67f87805beed0c70d400c5d4d1f25c4add41532fab
- SSDEEP
  
  1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2